Creating a new SSH user and configuring user authentication - PingIntelligence for APIs - 5.2


Before you can connect to the host machines, you must configure user authentication. Optionally, you can create a new user.

Note:

If you don't want to create a new user, you can use the default user configured in the hosts file.

When you configure user authentication, you can either configure passwordless authentication for the SSH user or use a password to connect to the host machines.

Note:

The sshpass module must be installed on the RHEL host machine if you're authenticating using a password.

Creating a new user

If you do not have a user as mentioned in the PingIntelligence automated deployment preparation section, complete the following steps on all the provisioned host machines.

If you already have a user as described in Creating a new SSH user and configuring user authentication, start with Copying the PingIntelligence license.

  1. Create an ec2-user.

    The hosts file in the automation package has ec2-user as the default user.

    1. Optional: To create your own username, run the #useradd ec2-user command.
  2. Change the password by running the #passwd ec2-user command.
    Note:

    If you're installing PingIntelligence software as a non-sudo user, skip steps 3-5.

  3. Add the user to the wheel group by running the #usermod -aG wheel ec2-user command.
  4. Configure passwordless sudo access:
    #visudo
    %wheel ALL=(ALL) NOPASSWD: ALL
  5. Check the PubkeyAuthentication setting in the /etc/ssh/sshd_config file. If it is set to no, set it to yes and restart the sshd service by running the #systemctl restart sshd command.

Setting up passwordless authentication

You can set up passwordless authentication from the management machine to other machines where PingIntelligence components are installed.

  1. On the management machine, run the following command.
    Note:

    The management machine is the machine from which the automated deployment script is run to deploy the various PingIntelligence software.

    # ssh-keygen -t rsa

    This command generates the ssh-keys.

  2. Accept all the default options. Make sure that you do not set the password for the key.
  3. You have two options for configuring passwordless authentication:
    • Run the ssh-copy-id command for each host machine but not the management machine:
      # ssh-copy-id pi-user@<ping-machine IPv4 address>

      For example (ping-ase):

      ssh-copy-id pi-user@192.168.11.148
    • Copy and add the ssh-keys manually:
      1. Fetch the key generated in step 1 from /home/$USER/.ssh/id_rsa.pub.
      2. Copy the key and add it to the /home/$USER/.ssh/authorized_keys file on all the host machines where PingIntelligence components are installed.
    Important:

    If configuring passwordless authentication does not succeed, contact your system administrator.
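
The check in step 5 of Creating a new user and the result of the key copy above can be verified with a script on each host machine. This is an added example, not part of the PingIntelligence documentation or automation package; the function names are hypothetical, and it assumes OpenSSH's default StrictModes behavior, under which sshd ignores an authorized_keys file that is group- or world-writable.

```shell
#!/bin/sh
# Added example: host-side checks for key-based SSH login.
# Usage on a host machine: sh <this file> /etc/ssh/sshd_config /home/ec2-user/.ssh

# Print the effective global PubkeyAuthentication value of an sshd_config file.
# sshd keywords are case-insensitive, the first occurrence wins, and the
# default is "yes". Include files and Match blocks are not evaluated.
effective_pubkey_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        { line = $0; sub(/^[ \t]+/, "", line)
          split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                    # global section ends here
        key == "pubkeyauthentication" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Return 0 when authorized_keys exists and neither it nor the .ssh directory
# is writable by group or others (the condition StrictModes enforces).
key_perms_ok() {
    [ -f "$1/authorized_keys" ] || return 1
    loose=$(find "$1" "$1/authorized_keys" -prune \( -perm -020 -o -perm -002 \))
    [ -z "$loose" ]
}

# Run both checks and report every failure; returns non-zero if any failed.
preflight() {
    rc=0
    if [ "$(effective_pubkey_auth "$1")" != "yes" ]; then
        echo "PubkeyAuthentication is not yes in $1"; rc=1
    fi
    if ! key_perms_ok "$2"; then
        echo "authorized_keys is missing or too permissive under $2"; rc=1
    fi
    return "$rc"
}

# Only act when called with both paths, so sourcing the file has no effect.
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```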

Setting up authentication using a password

Ensure that:

  • You've installed the sshpass module on the management host machine.
    Note:

    The management host machine is a RHEL 7.6 machine.

  • The password that you configure for the user in the hosts file must already be configured on the host machines.

You can also use a password to authenticate with PingIntelligence and MongoDB host machines.

Configure the password of the host machine in the hosts file.

  • To add the password, edit the hosts file and configure it in the ansible_ssh_pass parameter, as shown in the following hosts file snippet:
    # Ansible SSH user to access host machines
    ansible_ssh_user=ec2-user
    # Uncomment the ansible_ssh_pass line and configure password of ansible_ssh_user if you want to use SSH connection with password.
    # If you do not use this option, then the SSH user uses password-less authentication.
    #ansible_ssh_pass=<SSH_user_password>

Verifying SSH connectivity

  • Manually verify SSH connectivity between the management machine and the host machine by running the ssh user@remote-machine "ls" command.

To continue your configuration, see Copying the PingIntelligence license.