HowTo: Configure SSH2 access to the Admin Console
Jump to navigation
Jump to search
Server - Admin Console Authorized Keys
- To allow SSH2 access to the Admin Console a public key needs to be added to the authorized_keys file.
- SSH2 authentication in dCache works very similar to the standard SSH2 service.
- SSH2 authorized_keys file in dCache is found in: /etc/dcache/admin/authorized_keys2
- Please notice that in dCache is called authorized_keys2 and not authorized_keys (which historically corresponds to SSH1 access to the dCache Admin Console)
- Example of content of /etc/dcache/admin/authorized_keys2:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIODhZQPz/sxK44pTdOaCVWXM2qZPJ1Zz/xOHt31LKEC/seWf1fzy0YuC9Wu++eATtKXtv2fIryj9cFOhijXmAQtYHfhNCbBA jmyD0Eaa73Hg9tBubhB0Ufazlf951cMmhjsQvIFb4gWgN6gDKcnk8ka1QV5Z6MASd7JD4k28p8s /yFhtpymyYRdqg0KZGdnqh51MsIL4kkmS+jx8hINMCspHFYOe3ptFEmX4rp 0ucJLVVEDHIW8ehIirStaCupRABRxQ+Esy6+xwOeydL8o3DOtUwk9lNel2ISOLrbzwVAdUC3YxeSLV8weGv23hIXXyRrKnTESNxgnZgMRM4oW5D admin@pw-mcaubet
Notice that the info should end like admin@<user>
Client - Private & Public Keys
- In order to access to the Admin Console, SSH Keys must be generated.
- Use ssh-keygen in order to generate the public (id_rsa.pub) and the private (id_rsa) SSH Keys. For instance:
user@pw-mcaubet:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: 1d:60:95:2f:73:94:b8:5b:d6:8c:2d:d4:d2:ea:b6:de user@pw-mcaubet The key's randomart image is: +---[RSA 2048]----+ | o..o + | | . .o = o | | .= B | | .+.O + | | S .O . | | . o | | . . | | .. | | .. E | +-----------------+
- Add the generated id_rsa.pub to the /etc/dcache/admin/authorized_keys2 in the dCache server (see Server - Admin Console Authorized Keys)