Creating a new SSH user and configuring user authentication
Before you can connect to the host machines, you must configure user authentication. Optionally, you can create a new user.
If you don’t want to create a new user, you can use the default user configured in the |
When you configure user authentication, you can either configure passwordless authentication for the SSH user or use a password to connect to the host machines.
The |
Creating a new user
About this task
If you do not have a user as mentioned in the PingIntelligence automated deployment preparation section, complete the following steps on all the provisioned host machines.
If you already have a user as described in Creating a new SSH user and configuring user authentication, start with Copying the PingIntelligence license.
Steps
1. Create an ec2-user. The hosts file in the automation package has ec2-user as the default user.
   - Optional: To create your own username, run the following command:
       # useradd ec2-user
2. Change the password by running the following command:
       # passwd ec2-user
   If you’re installing PingIntelligence software as a non-sudo user, skip steps 3-5.
3. Add the user to the wheel group by running the following command:
       # usermod -aG wheel ec2-user
4. Configure passwordless sudo access by running visudo and adding the %wheel line:
       # visudo
       %wheel ALL=(ALL) NOPASSWD: ALL
5. Verify the PubKeyAuthentication setting in the /etc/ssh/sshd_config file.
   Troubleshooting: If it is set to no, then set it to yes and restart the sshd service by running the following command:
       # systemctl restart sshd
- Passwordless authentication
- Password-based authentication
Setting up passwordless authentication
About this task
You can set up passwordless authentication from the management machine to other machines where PingIntelligence components are installed.
Steps
1. On the management machine, run the following command. The management machine is the machine from which the automated deployment script is run to deploy the various PingIntelligence software.
       # ssh-keygen -t rsa
   Result: This command generates the ssh-keys.
2. Accept all the default options. Make sure that you do not set the password for the key.
3. You have two options for configuring passwordless authentication. Choose from:
   - Run the ssh-copy-id command for each host machine but not the management machine:
       # ssh-copy-id pi-user@<ping-machine IPv4 address>
     For example (ping-ase):
       ssh-copy-id pi-user@192.168.11.148
   - Copy and add the ssh-keys manually:
     1. Fetch the key generated in step 1 from /home/$USER/.ssh/id_rsa.pub.
     2. Copy the key and add it to the /home/$USER/.ssh/authorized_keys file on all the host machines where PingIntelligence components are installed.
   If configuring passwordless authentication does not succeed, contact your system administrator.
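The manual key copy and the sshd_config check described above, written as an added example (not part of the PingIntelligence documentation or automation package). The function names are hypothetical, the script assumes it runs as the SSH user on each host machine, and the config check reads only the global section of the file it is given.

```shell
#!/bin/sh
# Added example, not part of the PingIntelligence automation package.

# install_pubkey PUBKEY_FILE TARGET_HOME
# Adds the public key to TARGET_HOME/.ssh/authorized_keys once, with the
# modes sshd's default StrictModes check accepts (dir 700, file 600).
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A .pub file is one line; use only the first so nothing else is appended.
    key=$(head -n 1 "$pubkey_file")
    # Refuse anything that is not a public key line (for example id_rsa itself).
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubkey_file is not an OpenSSH public key" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    # -x whole line, -F fixed string: skip the append if the key is present.
    grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
}

# pubkey_auth_setting SSHD_CONFIG
# Prints yes/no for PubkeyAuthentication in the global section of the file.
# sshd keywords are case-insensitive, the first value obtained is used, and
# the default is yes. Assumption: "keyword value" lines, no Include files;
# on a live host `sshd -T` (run as root) reports the effective value.
pubkey_auth_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "pubkeyauthentication" { v = tolower($2); exit }
         END { print (v == "" ? "yes" : v) }' "$1"
}
```

Calling install_pubkey twice with the same key leaves a single entry, so it is safe to rerun on hosts that were already prepared.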
Setting up authentication using a password
Before you begin
Ensure that:
- You’ve installed the sshpass module on the management host machine. The management host machine is a RHEL 7.6 machine.
- The password that you configure for the user in the hosts file must already be configured on the host machines.
About this task
You can also use a password to authenticate with PingIntelligence and MongoDB host machines.
Configure the password of the host machine in the hosts file.
Steps
1. To add the password in the hosts file, edit the hosts file to configure the password in the ansible_ssh_pass parameter, as shown in the following hosts file snippet:
       # Ansible SSH user to access host machines
       ansible_ssh_user=ec2-user
       # Uncomment the ansible_ssh_pass line and configure password of ansible_ssh_user if you want to use SSH connection with password.
       # If you do not use this option, then the SSH user uses password-less authentication.
       #ansible_ssh_pass=<SSH_user_password>
Verifying SSH connectivity
Steps
1. Manually verify SSH connectivity between the management machine and the host machine by running the following command:
       ssh user@remote-machine "ls"
Next steps
To continue your configuration, see Copying the PingIntelligence license.