Difference between revisions of "HowTo: Configure SSH2 access to the Admin Console"

From Public PIC Wiki
(Created page with "= Server - Admin Console Authorized Keys = * To allow SSH2 access to the Admin Console a public key needs to be added to the authorized_keys file. * SSH2 authentication in dCa...")
 
Line 4: Line 4:
 
* SSH2 authorized_keys file in dCache is found in: '''/etc/dcache/admin/authorized_keys2'''
 
* SSH2 authorized_keys file in dCache is found in: '''/etc/dcache/admin/authorized_keys2'''
 
:Please notice that in dCache is called '''''authorized_keys2''''' and not authorized_keys (which historically corresponds to SSH1 access to the dCache Admin Console)
 
:Please notice that in dCache is called '''''authorized_keys2''''' and not authorized_keys (which historically corresponds to SSH1 access to the dCache Admin Console)
 +
* Example of '''/etc/dcache/admin/authorized_keys2''':
 +
 +
from="*.pic.es" ssh-dss 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 dcache_root@dccore01-test.pic.es
 +
from="*.pic.es" ssh-dss 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 dcache_root@dccore01.pic.es
 +
  
 
= Client - Private & Public Keys =
 
= Client - Private & Public Keys =
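Review bot: The two entries added under "Example of /etc/dcache/admin/authorized_keys2" use ssh-dss keys, while the Client section generates an RSA pair (id_rsa / id_rsa.pub), so a reader following the page end to end will not produce a line that looks like the example. Consider showing an ssh-rsa entry, and add one sentence saying what from="*.pic.es" does, since the example is the only place the option appears.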
Line 9: Line 14:
 
* Use '''''ssh-keygen''''' in order to generate the public (id_rsa.pub) and the private (id_rsa) SSH Keys. For instance:
 
* Use '''''ssh-keygen''''' in order to generate the public (id_rsa.pub) and the private (id_rsa) SSH Keys. For instance:
  
  user@pw-mcaubet:~# ssh-keygen  
+
  user@pw-mcaubet:~$ ssh-keygen  
 
  Generating public/private rsa key pair.
 
  Generating public/private rsa key pair.
  Enter file in which to save the key (/user/.ssh/id_rsa):  
+
  Enter file in which to save the key (/home/user/.ssh/id_rsa):  
 
  Enter passphrase (empty for no passphrase):  
 
  Enter passphrase (empty for no passphrase):  
 
  Enter same passphrase again:  
 
  Enter same passphrase again:  
  Your identification has been saved in /root/.ssh/id_rsa.
+
  Your identification has been saved in /home/user/.ssh/id_rsa.
  Your public key has been saved in /root/.ssh/id_rsa.pub.
+
  Your public key has been saved in /home/user/.ssh/id_rsa.pub.
 
  The key fingerprint is:
 
  The key fingerprint is:
  1d:60:95:2f:73:94:b8:5b:d6:8c:2d:d4:d2:ea:b6:de root@pw-mcaubet
+
  1d:60:95:2f:73:94:b8:5b:d6:8c:2d:d4:d2:ea:b6:de user@pw-mcaubet
 
  The key's randomart image is:
 
  The key's randomart image is:
 
  +---[RSA 2048]----+
 
  +---[RSA 2048]----+
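Review bot: In the corrected ssh-keygen transcript the two passphrase prompts ("Enter passphrase (empty for no passphrase):" and "Enter same passphrase again:") are still shown with no guidance on what to enter. Since this key opens the Admin Console, add a sentence after the transcript recommending a non-empty passphrase. The prompt and path fixes (~# to ~$, /user and /root to /home/user, root@ to user@) are consistent with each other.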
Line 30: Line 35:
 
  |          .. E  |
 
  |          .. E  |
 
  +-----------------+
 
  +-----------------+
 +
* Add the generated '''id_rsa.pub''' to the '''/etc/dcache/admin/authorized_keys2''' in the dCache server (see [[HowTo:_Configure_SSH2_access_to_the_Admin_Console#Server - Admin Console Authorized Keys | Server - Admin Console Authorized Keys]]
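Review bot: The added bullet opens a parenthesis at "(see [[" and closes the wiki link with "]]" but never closes the parenthesis. It would also help to say that the key is appended as a new line, so that existing entries in authorized_keys2 are kept, and whether the new line should carry a from= option like the entries in the server-side example.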

Revision as of 12:01, 7 August 2015

Server - Admin Console Authorized Keys

  • To allow SSH2 access to the Admin Console, a public key needs to be added to the authorized_keys file.
  • SSH2 authentication in dCache works very similarly to the standard SSH2 service.
  • The SSH2 authorized_keys file in dCache is found in: /etc/dcache/admin/authorized_keys2
Please note that in dCache the file is called authorized_keys2 and not authorized_keys (which historically corresponds to SSH1 access to the dCache Admin Console).
  • Example of /etc/dcache/admin/authorized_keys2:
from="*.pic.es" ssh-dss [public key data not shown] dcache_root@dccore01-test.pic.es
from="*.pic.es" ssh-dss [public key data not shown] dcache_root@dccore01.pic.es
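As an added example (not part of the original wiki page and not dCache code), the following Python script audits entries written in the format shown above: it checks the key type, that the base64 blob names the same type as the line declares, and that a from= host restriction is present and not a bare wildcard. It assumes the OpenSSH authorized_keys line layout that the page's example follows; the function names and the sample entry with its dummy blob are constructed for illustration.

```python
import base64
import struct

KEY_TYPES = {"ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}
WEAK_TYPES = {"ssh-dss"}  # DSA: disabled by default since OpenSSH 7.0

def split_unquoted(text, seps):
    """Split on separator characters that sit outside double quotes."""
    parts, cur, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return [p for p in parts + [cur] if p]

def blob_type(blob):
    """Return the key type named inside the base64 blob, or None if malformed."""
    try:
        raw = base64.b64decode(blob, validate=True)
        (n,) = struct.unpack(">I", raw[:4])  # 4-byte length prefix of the type string
        return raw[4:4 + n].decode("ascii")
    except (ValueError, struct.error):
        return None

def audit_line(line):
    """Return a list of findings for one authorized_keys2 entry."""
    fields = split_unquoted(line.strip(), " \t")
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx > 1 or len(fields) < idx + 2:
        return ["unparseable entry"]
    opts = split_unquoted(fields[0], ",") if idx == 1 else []
    findings = []
    if fields[idx] in WEAK_TYPES:
        findings.append("weak key type " + fields[idx])
    if blob_type(fields[idx + 1]) != fields[idx]:
        findings.append("key blob does not match declared type")
    patterns = [p for o in opts if o.startswith("from=")
                for p in o[5:].strip('"').split(",")]
    if not patterns:
        findings.append("no from= host restriction")
    if any(p.strip("*?") == "" for p in patterns):
        findings.append("from= pattern matches any host")
    return findings

SAMPLE = 'from="*.pic.es" ssh-dss AAAAB3NzaC1kc3M= dcache_root@host.example'  # constructed
```

Calling audit_line on each non-comment line of the file gives a per-entry list of findings; an empty list means none of these checks fired.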


Client - Private & Public Keys

  • In order to access the Admin Console, SSH keys must be generated.
  • Use ssh-keygen to generate the public (id_rsa.pub) and the private (id_rsa) SSH keys. For instance:
user@pw-mcaubet:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
1d:60:95:2f:73:94:b8:5b:d6:8c:2d:d4:d2:ea:b6:de user@pw-mcaubet
The key's randomart image is:
+---[RSA 2048]----+
|        o..o +   |
|       . .o = o  |
|          .= B   |
|         .+.O +  |
|        S .O .   |
|          . o    |
|           . .   |
|            ..   |
|           .. E  |
+-----------------+