To monitor a Unix server via Public Key Authentication in SSH mode, you need to generate a set of RSA or DSA key pairs.
To generate RSA or DSA SSH key pairs:
- For Windows, you can use a free tool like PuTTYgen.
- For Linux, you can use the ssh-keygen command.
Steps for generating SSH key pairs from any Linux server:
1. Log in as the user responsible for monitoring (e.g., appmanager) on a Linux server (Server1) and open a terminal or command prompt.
2. Create the ~/.ssh/ folder if it doesn't already exist and set the correct permissions:
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
3. Generate an RSA or DSA key pair:
RSA
- ssh-keygen -t rsa -f ~/.ssh/apm_key
DSA
- ssh-keygen -t dsa -f ~/.ssh/apm_key
Note: This command will generate both the private key (e.g., apm_key) and the corresponding public key (e.g., apm_key.pub) in the ~/.ssh/ folder.
The -f option (custom file name) is optional. If skipped, the default key pair (e.g., id_rsa or id_dsa) will be generated.
4. Copy the public key to the server (Server2) that needs to be monitored using the command:
- ssh-copy-id -i ~/.ssh/apm_key.pub <username>@<hostname>
This command will copy the public key to the appropriate location on the destination server and configure the permissions automatically. Replace <username> with the username associated with the account on Server2 where you want to copy the public key. Similarly, replace <hostname> with the actual hostname or IP address of Server2.
Example:
ssh-copy-id -i ~/.ssh/apm_key.pub appmanager@server2
5. Update the SSH server configuration on Server2:
* Edit the SSH server configuration file (usually located in /etc/ssh/sshd_config).
* Only SSH protocol version 2 is supported, so set the Protocol key in sshd_config to 2.
* Optional - If you want to disable password authentication for this user, set the PasswordAuthentication key in the sshd_config file to no.
- PasswordAuthentication no
* Save the changes and restart the SSH daemon using the command:
- /etc/rc.d/sshd restart
6. From Server1's command prompt, connect to Server2 using the username associated with the account to which you copied the public key:
- ssh <username>@<hostname>
Replace <username> with the appropriate username and <hostname> with the actual hostname or IP address of Server2.
Example:
ssh appmanager@server2
By following the above steps, you should be able to log in to Server2 from Server1 without being prompted for a password.
7. If the previous steps are successful and you can log in to Server2 from Server1 without being prompted for a password, you can proceed to use the private key available on Server1 to add Server2 in the Applications Manager. This step ensures secure monitoring of Server2 using SSH key-based authentication.
8. Additionally, you have the flexibility to copy the same public key (following steps 4 and 5) to any other servers you need to monitor. By repeating the process for each server, you can use the same private key generated on Server1 to authenticate and monitor all those servers securely in Applications Manager.
By following these added steps, you can centralize your monitoring efforts using a single private key while utilizing the respective public keys on different servers for secure and efficient monitoring.
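The sshd_config edits in step 5 can be checked before restarting the daemon. The script below is an added example, not part of the original procedure or of Applications Manager; the function names and the sample configuration are constructed for illustration. It reports the value sshd would actually use for each setting from step 5, including the optional PasswordAuthentication no.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for step 5.
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Simplification: Include files and Match blocks are not
# evaluated; "sshd -T" on the server gives the authoritative answer.

# Print the first global value of keyword $1 in file $2 (empty if unset).
sshd_first_value() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$2"
}

# Return 0 only if key logins are allowed, passwords refused, protocol is 2.
audit_sshd_config() {
    rc=0
    pw=$(sshd_first_value PasswordAuthentication "$1")
    pk=$(sshd_first_value PubkeyAuthentication "$1")
    proto=$(sshd_first_value Protocol "$1")
    # OpenSSH defaults: PasswordAuthentication yes, PubkeyAuthentication yes.
    [ "${pw:-yes}" = "no" ] || { echo "FAIL: PasswordAuthentication ${pw:-yes}"; rc=1; }
    [ "${pk:-yes}" = "yes" ] || { echo "FAIL: PubkeyAuthentication $pk"; rc=1; }
    [ "${proto:-2}" = "2" ] || { echo "FAIL: Protocol $proto"; rc=1; }
    return "$rc"
}

# Constructed sample: the "no" was appended below an existing "yes", so
# password logins are still accepted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Protocol 2
passwordauthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sample config needs fixing"
```

On Server2, point audit_sshd_config at /etc/ssh/sshd_config; a FAIL line for PasswordAuthentication usually means an earlier line in the file still sets it to yes.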
If you're having trouble adding a monitor in Applications Manager, refer to this troubleshooting link.