HowTo: Configure SSH2 access to the Admin Console

From Public PIC Wiki
Jump to navigation Jump to search

Server - Admin Console Authorized Keys

  • To allow SSH2 access to the Admin Console a public key needs to be added to the authorized_keys file.
  • SSH2 authentication in dCache works very similar to the standard SSH2 service.
  • SSH2 authorized_keys file in dCache is found in: /etc/dcache/admin/authorized_keys2
Please notice that in dCache is called authorized_keys2 and not authorized_keys (which historically corresponds to SSH1 access to the dCache Admin Console)
  • Example of content of /etc/dcache/admin/authorized_keys2:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIODhZQPz/sxK44pTdOaCVWXM2qZPJ1Zz/xOHt31LKEC/seWf1fzy0YuC9Wu++eATtKXtv2fIryj9cFOhijXmAQtYHfhNCbBA
jmyD0Eaa73Hg9tBubhB0Ufazlf951cMmhjsQvIFb4gWgN6gDKcnk8ka1QV5Z6MASd7JD4k28p8s /yFhtpymyYRdqg0KZGdnqh51MsIL4kkmS+jx8hINMCspHFYOe3ptFEmX4rp
0ucJLVVEDHIW8ehIirStaCupRABRxQ+Esy6+xwOeydL8o3DOtUwk9lNel2ISOLrbzwVAdUC3YxeSLV8weGv23hIXXyRrKnTESNxgnZgMRM4oW5D admin@pw-mcaubet

Notice that the info should end like admin@<user>

Client - Private & Public Keys

  • In order to access to the Admin Console, SSH Keys must be generated.
  • Use ssh-keygen in order to generate the public (id_rsa.pub) and the private (id_rsa) SSH Keys. For instance:
user@pw-mcaubet:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
1d:60:95:2f:73:94:b8:5b:d6:8c:2d:d4:d2:ea:b6:de user@pw-mcaubet
The key's randomart image is:
+---[RSA 2048]----+
|        o..o +   |
|       . .o = o  |
|          .= B   |
|         .+.O +  |
|        S .O .   |
|          . o    |
|           . .   |
|            ..   |
|           .. E  |
+-----------------+