How to use SSH public key authentication for SSH?

Document created by Takeshi Arisaka on Jun 14, 2016. Last modified by Kota Saito on Aug 22, 2016.
Version 3

Refer to "Public Key Authentication" in the Installation and Configuration Guide.

    Note:
1. You need to restart the services (*1) after you change config_user.properties.
2. If your HAD is on a Windows platform, the path to the private key (ssh.privateKeyFile in config_user.properties) must be escaped by replacing each "\" with "\\".
3. The private key must be in PEM format, and the key must be DSA (1024 bit) or RSA (768 bit - 16384 bit).

    (*1) Refer to "Stopping and starting Hitachi Command Suite and Automation Director services" in the Installation and Configuration Guide.

 

 


For example, if your HAD is on a Windows platform and you want to connect to a Linux box:

 

   Step.1) Make sure your Linux box is configured to accept public key authentication. Check sshd_config on the Linux box.

   Step.2) Create a key pair - log in to your Linux box as the account that accepts requests from HAD, then run the following to create a key pair for HAD (not for the account)

               [manager@abc ~]$ ssh-keygen -g -N "mypassphrase" -t rsa -b 2048 -f /tmp/id_rsa

   Step.3) Move the private key (/tmp/id_rsa) to the HAD server (e.g. C:\id_rsa), and update config_user.properties

               Open config_user.properties and set ssh.privateKeyFile to "C:\\id_rsa".

               NOTE: you must replace each "\" with "\\".

   Step.4) Append the public key to the account's authorized_keys file, and set the permissions with chmod

               [manager@abc ~]$ mkdir ~/.ssh

               [manager@abc ~]$ chmod 700 ~/.ssh

               [manager@abc ~]$ cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
               [manager@abc ~]$ chmod 600 ~/.ssh/authorized_keys

   Step.5) Configure a shared property
            1. Log in to the HAD application.
            2. Select [Administration] > [Shared Properties Settings].
            3. Open the Pass phrase of the private key (for SSH public key authentication).
            4. Enter the pass phrase as the value. E.g. mypassphrase

   Step.6) Restart services

             E:\HiCommand\Base64\bin>hcmds64srv.exe /stop

 

             E:\HiCommand\Base64\bin>hcmds64srv.exe /start

 

              (Wait several minutes for the web application to become available.)
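
An added example, not part of the original document or the vendor's tooling: a pre-flight script for steps 2 to 4 that checks the private key encoding, the directory and file modes, and the backslash escaping. It assumes that "pem" in note 3 means the traditional PEM encoding (the one `ssh-keygen -m PEM` writes) and that the Linux box has GNU `stat`; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight checks for steps 2-4.

# Classify a private key by its first line; tolerate the CRLF line endings
# a file can pick up when it is copied to Windows.
key_format() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$first" in
        "-----BEGIN RSA PRIVATE KEY-----")     echo pem-rsa ;;
        "-----BEGIN DSA PRIVATE KEY-----")     echo pem-dsa ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh-new ;;
        *)                                     echo unknown ;;
    esac
}

# Succeed only if the path has exactly the expected octal mode (GNU stat).
mode_ok() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Escape a Windows path for config_user.properties: each "\" becomes "\\".
props_escape() {
    printf '%s\n' "$1" | sed 's/\\/\\\\/g'
}

# Run all checks; print one line per finding, return non-zero on any failure.
# $1 = private key file, $2 = the account's .ssh directory
preflight() {
    rc=0
    case "$(key_format "$1")" in
        pem-rsa|pem-dsa) echo "OK   key is traditional PEM" ;;
        openssh-new)     echo "FAIL OpenSSH-format key; convert with: ssh-keygen -p -m PEM -f $1"; rc=1 ;;
        *)               echo "FAIL $1 is not a recognised private key"; rc=1 ;;
    esac
    mode_ok "$2" 700 || { echo "FAIL $2 is not mode 700"; rc=1; }
    mode_ok "$2/authorized_keys" 600 || { echo "FAIL $2/authorized_keys is not mode 600"; rc=1; }
    return $rc
}

# Usage: sh preflight.sh /tmp/id_rsa ~/.ssh
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

OpenSSH 7.8 and later write the OpenSSH format unless `-m PEM` is given to `ssh-keygen`, which is the case the `openssh-new` branch catches.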

 

 

 

 
