How to use SSH public key authentication for SSH?

Document created by Takeshi Arisaka on Jun 14, 2016. Last modified by Kota Saito on Aug 22, 2016.
Version 3

Refer to "Public Key Authentication" in the Installation and Configuration Guide.

1. You need to restart services (*1) after you changed
2. If your HAD is on a Windows platform, the path to the private key (ssh.privateKeyFile in must be escaped by adding "\" to "\".
3. The private key must be in PEM format, and the key must be DSA (1024 bit) or RSA (768 bit - 16384 bit).

    (*1) Refer to "Stopping and starting Hitachi Command Suite and Automation Director services" in the Installation and Configuration Guide.



For example, if your HAD is on a Windows platform and you want to connect to a Linux box...


   Step.1) Make sure your Linux box is configured to accept public key authentication. See sshd_config on your Linux box.

   Step.2) Create a key pair - log in to your Linux box as the account that accepts requests from HAD, then run the following to create a key pair for HAD (not for the account)

               [manager@abc ~]$ ssh-keygen -g -N "mypassphrase" -t rsa -b 2048 -f /tmp/id_rsa

   Step.3) Move the private key (/tmp/id_rsa) to HAD (e.g. C:\id_rsa), and update

               Open and specify "C:\\id_rsa" to ssh.privateKeyFile.

               NOTE: you must replace "\" with "\\".

   Step.4) Add the public key to the account's authorized_keys, and chmod it

               [manager@abc ~]$ mkdir ~/.ssh

               [manager@abc ~]$ chmod 700 ~/.ssh

               [manager@abc ~]$ cat /tmp/ >> ~/.ssh/authorized_keys
               [manager@abc ~]$ chmod 600 ~/.ssh/authorized_keys

   Step.5) Configuring a shared property
            1. Log into the HAD application.
            2. Select [Administration] > [Shared Properties Settings].
            3. Open the Pass phrase of the private key (for SSH public key authentication).
            4. Enter the pass phrase as a value. E.g. mypassphrase

   Step.6) Restart services

             E:\HiCommand\Base64\bin>hcmds64srv.exe /stop


             E:\HiCommand\Base64\bin>hcmds64srv.exe /start


              (wait several minutes to see web application)
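
The checks below are an added example, not part of the original document or of the product's guide. They verify on the Linux box what the steps above require: a PEM private key (OpenSSH 7.8 and later write the OpenSSH format unless `-m PEM` is given), mode 700/600 on `~/.ssh` and `authorized_keys`, the public key present in `authorized_keys`, and the doubled backslashes for `ssh.privateKeyFile`. The function names are hypothetical, the format test looks only at the key file's header line, and the public key is assumed to be `KEYFILE.pub`.

```shell
#!/bin/sh
# Added example, not from the HAD guide. Run on the Linux box before moving the key.

# key_format FILE: classify a private key by its first line (CR stripped).
key_format() {
    case "$(head -n 1 "$1" 2>/dev/null | tr -d '\r')" in
        "-----BEGIN RSA PRIVATE KEY-----") echo pem-rsa ;;
        "-----BEGIN DSA PRIVATE KEY-----") echo pem-dsa ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        *) echo unknown ;;
    esac
}

# mode_is PATH STRING: compare the ls(1) type+permission field, e.g. drwx------.
mode_is() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "$2" ]
}

# escape_win_path PATH: double every backslash for the ssh.privateKeyFile value.
escape_win_path() {
    printf '%s\n' "$1" | sed 's/\\/\\\\/g'
}

# preflight KEYFILE SSHDIR: one line per finding; non-zero status if any check fails.
# Assumes the public key is KEYFILE.pub, which is where ssh-keygen -f writes it.
preflight() {
    rc=0
    case "$(key_format "$1")" in
        pem-rsa|pem-dsa) echo "ok: private key is PEM" ;;
        openssh) echo "FAIL: OpenSSH-format key; generate with ssh-keygen -m PEM"; rc=1 ;;
        *) echo "FAIL: $1 does not start with a PEM RSA/DSA header"; rc=1 ;;
    esac
    mode_is "$2" drwx------ || { echo "FAIL: $2 is not mode 700"; rc=1; }
    mode_is "$2/authorized_keys" -rw------- ||
        { echo "FAIL: $2/authorized_keys is not mode 600"; rc=1; }
    grep -qxFf "$1.pub" "$2/authorized_keys" 2>/dev/null ||
        { echo "FAIL: $1.pub is not listed in authorized_keys"; rc=1; }
    return "$rc"
}

# Example: preflight /tmp/id_rsa ~/.ssh && escape_win_path 'C:\id_rsa'
```
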




