How can I generate SSH key for public key based authentication in server monitors?
To monitor
a Unix server via Public Key Authentication in SSH mode, you need to generate a
set of RSA or DSA key pairs.
To generate
RSA or DSA SSH key pairs:
- For windows, you can use a free tool like PuTTYgen.
- For Linux,
you can use ssh-keygen command.
Steps for generating SSH key pairs from any Linux server:
1. Log in as the user responsible for
monitoring (e.g., appmanager) on a Linux server (Server1) and open a terminal
or command prompt.
2. Create the ~/.ssh/ folder if it
doesn't already exist and set the correct permissions:
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
3. Generate an RSA or DSA key pair:
RSA
- ssh-keygen -t rsa -f ~/.ssh/apm_key
DSA
- ssh-keygen -t dsa -f ~/.ssh/apm_key
Note: This command will
generate both the private key (e.g., apm_key) and the corresponding public key
(e.g., apm_key.pub) in the ~/.ssh/ folder.
The options -f (custom file name) is optional. If skipped, the default key pair
(e.g., id_rsa or id_dsa) will be generated.
4. Copy the public key to the
server (Server2) that needs to be monitored using the command:
- ssh-copy-id -i ~/.ssh/apm_key.pub <username>@<hostname>
This command will copy
the public key to the appropriate location on the destination server and
configure the permissions automatically. Replace <username> with the username
associated with the account on Server2 where you want to copy the public key.
Similarly, replace <hostname> with the actual hostname or IP address of Server2.
Example:
ssh-copy-id -i ~/.ssh/apm_key.pub appmanager@server2
ssh-copy-id -i ~/.ssh/apm_key.pub appmanager@server2
5. Update the SSH server configuration
on Server2:
* Edit the SSH server configuration file (usually located in /etc/ssh/sshd_config).
* Only SSH protocol version 2 is supported. So update Protocol key in sshd_config to 2.
- Protocol 2
* Optional - If you want to disable password authentication for this user, update PasswordAuthentication key in sshd_config file to no.
- PasswordAuthentication no
* Save the changes and restart the SSH daemon using the command:
- /etc/rc.d/sshd restart
6. From Server1's command
prompt, connect to Server2 using the username associated with the account to which you copied the public key:
- ssh <username>@<hostname>
Replace <username> with the appropriate username
and <hostname> with the actual hostname or IP address of Server2.
Example:
ssh appmanager@server2
ssh appmanager@server2
By following
the above steps, you should be able to log in to Server2 from Server1 without being
prompted for a password.
7. If the previous steps are successful
and you can log in to Server2 from Server1 without being prompted for a
password, you can proceed to use the private key available on Server1 to add
Server2 in the Applications Manager. This step ensures secure monitoring of
Server2 using SSH key-based authentication.
8. Additionally, you have the
flexibility to copy the same public key (following steps 4 and 5) to any other
servers you need to monitor. By repeating the process for each server, you can
use the same private key generated on Server1 to authenticate and monitor all
those servers securely in Applications Manager.
By
following these added steps, you can centralize your monitoring efforts using a
single private key while utilizing the respective public keys on different
servers for secure and efficient monitoring.
If you're having trouble adding a monitor in Applications Manager, refer this troubleshooting link.
If you're having trouble adding a monitor in Applications Manager, refer this troubleshooting link.
New to ADSelfService Plus?
Related Articles
Troubleshoot SSH key based authentication failures
Follow the suggestions given below to troubleshoot SSH key based authentication failures Check server availability. Click here to know how to check server availability in Applications Manager Verify if you have specified the correct command prompt ...Troubleshooting SSH Public Key authentication Exception: Key exchange failure
When executing the SSH troubleshoot script in your server, if you encounter an exception as shown below, follow the steps given to troubleshoot the error: Sample Trace ...I am not able to add Server monitor with SSH key generated with passphrase and steps to generate SSH2 keys without passphrase.
As of now we do not support usage of SSH2 keys generated with passphrase in Applications Manager. However you can use a key generated without passphrase. Use the steps below to generate and use SSH2 keys. Using Puttygen generate a new private key ...Authentication Methods in Applications Manager
Authentication involves validating an incoming user to facilitate the access to a specific resource. There are various authentication methods that you can use - based on the requirements and usage. In recent times, numerous organizations are ...Troubleshooting Server Authentication Failures in Applications Manager
If you encounter authentication failures in server monitors in Applications Manager, refer and choose the links from the below list to troubleshoot the issue. You can choose the troubleshooting steps based on the type of authentication failure. ...