hosts file. It also
discusses authentication options. You can configure password-less authentication for the
SSH user or use a password to connect to the host machines. User Creation (Optional)
Complete the following steps on all the provisioned host machines if you do not have a user as mentioned in the Prerequisites section. If you already have a user as described in the prerequisite section, you can skip the following steps:
- Create an ec2-user. The
hostsfile in the automation package hasec2-useras the default user. You can create your own username.#useradd ec2-user - Change the password
#passwd ec2-user -
Add the user to the wheel groupNote: If you plan to install PingIntelligence software as a
non-sudouser, then skip steps 3-5.#usermod -aG wheel ec2-user - Configure password-less
sudoaccess#visudo %wheel ALL=(ALL) NOPASSWD: ALL - Verify the
/etc/ssh/sshd_configfile forPubKeyAuthentication. If it is set to no, then set it to yes and restartsshdservice using the following command:#systemctl restart sshd
The following diagram shows the management host and PingIntelligence host machines
communicating either through password-less SSH communication or communicating after
authenticating using a password. 
Authentication
- Password-less authentication - There are two options to achieve password-less authentication.
- Authentication using a password - Authentication
using a password requires
sshpassmodule to be installed on the RHEL host machine.
Password-less authentication
You can set up a password-less authentication from the management machine to other machines where PingIntelligence components are installed. There are two options to configure password-less authentication.
- Run the following command on the management machine. The management machine
is the machine from which the automated deployment script is run to deploy
the various PingIntelligence software.
# ssh-keygen -t rsaThis command generates the
ssh-keys. Accept all the default options. Make sure that you do not set the password for the key. - Run the following command for each host machine but not the management machine:
# ssh-copy-id pi-user@<ping-machine IPv4 address>For example,
ssh-copy-id pi-user@192.168.11.148(ping-ase)
- Run the following command on the management machine. The management machine
is the machine from which the automated deployment script is run to deploy
the various PingIntelligence software.
# ssh-keygen -t rsaThis command generates the
ssh-keys. Accept all the default options. Make sure that you do not set the password for the key. - Fetch the generated key in step 1 from
/home/$USER/.ssh/id_rsa.pub - Copy and add this key in the
/home/$USER/.ssh/authrorized_keysfile on all the host machines where PingIntelligence components are installed.
Authentication using a password
You can also use password to authenticate with PingIntelligence and MongoDB host
machines. Configure the password of the host machine in the hosts
file. Complete the following prerequisites to authenticate using a password:
- Install
sshpassmodule on the management host machine. Note that the management host machine is a RHEL 7.6 machine. - The password that you configure for the user in the
hostsfile must already be configured on the host machines.
hosts file, edit the hosts file
to configure password in ansible_ssh_pass parameter as shown
in the hosts file snippet below.
# Ansible SSH user to access host machines
ansible_ssh_user=ec2-user
# Uncomment the ansible_ssh_pass line and configure password of ansible_ssh_user if you want to use SSH connection with password.
# If you do not use this option, then the SSH user uses password-less authentication.
#ansible_ssh_pass=<SSH_user_password>Verify SSH connectivity
ssh user@remote-machine "ls"