hosts file. It also discusses authentication options. You can configure password-less authentication for the SSH user or use a password to connect to the host machines.
User Creation (Optional)
Complete the following steps on all the provisioned host machines if you do not have a user as mentioned in the Prerequisites section. If you already have a user as described in the prerequisite section, you can skip the following steps:
- Create an ec2-user. The hosts file in the automation package has ec2-user as the default user. You can create your own username.
  # useradd ec2-user
- Change the password
  # passwd ec2-user
- Note: If you plan to install PingIntelligence software as a non-sudo user, then skip steps 3-5.
  # usermod -aG wheel ec2-user
- Configure password-less sudo access
  # visudo
  %wheel ALL=(ALL) NOPASSWD: ALL
- Verify the /etc/ssh/sshd_config file for PubkeyAuthentication. If it is set to no, then set it to yes and restart the sshd service using the following command:
  # systemctl restart sshd
The following diagram shows the management host and PingIntelligence host machines communicating either through password-less SSH communication or communicating after authenticating using a password.
Authentication
- Password-less authentication - There are two options to achieve password-less authentication.
- Authentication using a password - Authentication using a password requires the sshpass module to be installed on the RHEL host machine.
Password-less authentication
You can set up a password-less authentication from the management machine to other machines where PingIntelligence components are installed. There are two options to configure password-less authentication.
- Run the following command on the management machine. The management machine is the machine from which the automated deployment script is run to deploy the various PingIntelligence software.
  # ssh-keygen -t rsa
  This command generates the ssh-keys. Accept all the default options. Make sure that you do not set the password for the key.
- Run the following command for each host machine but not the management machine:
  # ssh-copy-id pi-user@<ping-machine IPv4 address>
  For example, ssh-copy-id pi-user@192.168.11.148 (ping-ase)
- Run the following command on the management machine. The management machine is the machine from which the automated deployment script is run to deploy the various PingIntelligence software.
  # ssh-keygen -t rsa
  This command generates the ssh-keys. Accept all the default options. Make sure that you do not set the password for the key.
- Fetch the key generated in step 1 from /home/$USER/.ssh/id_rsa.pub
- Copy and add this key in the /home/$USER/.ssh/authorized_keys file on all the host machines where PingIntelligence components are installed.
Authentication using a password
You can also use a password to authenticate with PingIntelligence and MongoDB host machines. Configure the password of the host machine in the hosts file. Complete the following prerequisites to authenticate using a password:
- Install the sshpass module on the management host machine. Note that the management host machine is a RHEL 7.6 machine.
- The password that you configure for the user in the hosts file must already be configured on the host machines.
Edit the hosts file to configure the password in the ansible_ssh_pass parameter, as shown in the hosts file snippet below.
# Ansible SSH user to access host machines
ansible_ssh_user=ec2-user
# Uncomment the ansible_ssh_pass line and configure password of ansible_ssh_user if you want to use SSH connection with password.
# If you do not use this option, then the SSH user uses password-less authentication.
#ansible_ssh_pass=<SSH_user_password>
Verify SSH connectivity
ssh user@remote-machine "ls"
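The script below is an added example, not part of the PingIntelligence automation package. It reports the effective PubkeyAuthentication value from an sshd_config (the last user-creation step), classifies a hosts file by whether ansible_ssh_pass stores a cleartext password, and gives a non-interactive form of the connectivity check. The function names and status strings are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example, not part of the PingIntelligence automation package.
# Function names and status strings are assumptions made for this example.
# Usage: source this file, then for instance
#   effective_pubkey_auth < /etc/ssh/sshd_config   (on a host machine)
#   audit_hosts_file ./hosts                       (on the management machine)

# Print the effective global PubkeyAuthentication value for sshd_config text
# read from stdin. sshd keeps the first value it sees for a keyword, keywords
# are case-insensitive, and OpenSSH defaults to "yes" when it is not set.
effective_pubkey_auth() {
  awk '
    { sub(/=/, " ") }                    # sshd also accepts "Keyword=value"
    /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
    tolower($1) == "match" { exit }      # Match blocks are conditional overrides
    tolower($1) == "pubkeyauthentication" { v = tolower($2); exit }
    END { print (v == "" ? "yes" : v) }
  '
}

# Classify an Ansible hosts file ($1) by how the SSH user authenticates:
#   key-auth          no active ansible_ssh_pass setting
#   password-private  cleartext password, file accessible to the owner only
#   password-exposed  cleartext password, group or others have access
audit_hosts_file() {
  if ! grep -Ev '^[[:space:]]*#' "$1" |
       grep -Eq '(^|[[:space:]])ansible_ssh_pass[[:space:]]*=[[:space:]]*[^[:space:]]'; then
    echo key-auth
    return 0
  fi
  # Characters 5-10 of the ls mode string are the group and other bits.
  if [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; then
    echo password-private
  else
    echo password-exposed
  fi
}

# Live check for the key-based setup. BatchMode makes ssh fail instead of
# prompting, so exit status 0 shows that key authentication works for the
# user@host given in $1 without falling back to a password.
key_login_works() {
  ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 "$1" true
}
```

A result of password-exposed means the hosts file should be restricted with chmod 600 before the deployment script is run.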