To use Secure Shell (SSH) public/private key as an authentication
method for accessing your remote workstations, you must first install
the public key of a public/private key pair on the installation targets.
You can then securely connect to the remote workstation by using the
corresponding private key. Use this topic to install the SSH public
key on one or more installation targets.
Before you begin
Supported configurations: This topic applies to WebSphere Application
Server Version 6.1.x and 7.x only. For information about using centralized
installation manager (CIM) for Version 8.5, see
Submitting Installation Manager jobs.
To successfully complete this task, you must have SSH installed and
enabled on the installation target. First create a pair of keys, and
install the public key on all the installation targets. Issue the
following command to ensure that SSH is started on the workstation:
ps -e | grep sshd
You can generate an RSA private key and its corresponding public key
using the ssh-keygen command in the following example:
ssh-keygen -t rsa
Take the default location for storing the private key and make note of
it. If you specify a non-empty string for the passphrase prompt, make
sure you remember the string because you will need it when you want
to use the generated private key.
Additionally, you must know the location of the SSH public key file on
the deployment manager, and the administrative ID and password for the
installation target. This is the same administrative ID and password
that you use to later install or uninstall software packages on the
same installation target.
About this task
UNIX and Linux platforms generally support the use of
SSH protocol. For Windows operating systems, however, you might have
to install third-party software to use SSH protocol. Read the "Using
the Secure Shell authentication method on target Windows operating
systems" topic for more information.
With the centralized installation manager (CIM), you can install
product packages and maintenance for distributed platforms directly
from the administrative console. Complete the steps that are outlined
in the wizard to install the SSH public key, which uses the SSH
protocol to communicate with the installation targets.
Procedure
- To access the wizard from the administrative console, click .
- Select one or more existing installation targets from the
table, and click Install SSH Public Key.
- Select the appropriate password settings, and click Next.
You can either select to specify the same user name and password to
access all of the installation targets, or you can configure individual
user names and passwords for each installation target.
- Specify the location of the SSH public key file on the
deployment manager, and click Next.
- Review the summary of your selections, and click Finish to
complete the installation process. Click Previous to
change any of your selections.
Results
You successfully installed the SSH public key on specific
installation targets.
Alternate key installation
If you had previously installed the SSH public key on the remote
workstations through some other method outside of the CIM, skip the
steps outlined in this section. You can update the SSH public key
installation records kept by the CIM using an AdminTask command. The
Administrator must first save the user name to be used with the SSH
key to access the target host, and then invoke the relevant AdminTask
commands:
- Log in to the administrative console.
- Navigate to the CIM "Installation Targets" panel.
- Click on the target host name.
- On the resulting page, fill in the user name field
and click Save.
- Repeat this for all target hosts that have the SSH public key
installed outside of CIM.
- Update the SSH public key installation records using the
updateKeyInstallationRecords AdminTask command:
  - Using Jacl:
    $AdminTask updateKeyInstallationRecords {-add "abc.com,river.com"}
    $AdminTask listKeyInstallationRecords
  - Using Jython:
    AdminTask.updateKeyInstallationRecords ('[-add "abc.com,river.com"]')
    print AdminTask.listKeyInstallationRecords()
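For targets where the public key is installed outside of CIM, the following is one way to do that by hand. It is an added example, not part of the original topic or of the product: the function name install_pubkey and the paths in the usage comment are illustrative, and it assumes it is run on the installation target as the user whose name you later save in CIM.

```shell
#!/bin/sh
# Added example: install an SSH public key for a target user outside of CIM.
# Usage (illustrative paths): install_pubkey /tmp/id_rsa.pub "$HOME"
#
# install_pubkey PUBKEY_FILE HOME_DIR
#   Appends the key to HOME_DIR/.ssh/authorized_keys only if it is not
#   already present, and sets the modes that sshd's StrictModes check expects.
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key that was passed by mistake (id_rsa vs id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # An OpenSSH public key is one line: "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub is not an OpenSSH public key" >&2; return 3; }

    auth="$home/.ssh/authorized_keys"
    # Create the directory and file with a restrictive umask, in a subshell
    # so the caller's umask is left unchanged.
    ( umask 077; mkdir -p "$home/.ssh" && touch "$auth" ) || return 4

    # Compare on key type and key material only, so the same key with a
    # different comment is not appended a second time.
    material=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if ! grep -qF -- "$material" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi

    # Tighten modes even if the directory or file already existed.
    chmod 700 "$home/.ssh" && chmod 600 "$auth"
}
```

After the key is in place, record it in CIM with the updateKeyInstallationRecords command shown above.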
Troubleshooting
If your deployment manager is on a Windows system and you have
generated a public-private key pair to use SSH authentication with
remote target hosts running on UNIX-based platforms such as AIX or
Linux, CIM might not be able to access the private key store on the
deployment manager system. If you had generated a public-private key
pair on your Windows workstation using the OpenSSH package that is
part of the CYGWIN software, the private key store is protected and
is accessible only to the user account that creates the key pair.
However, the default setup for WebSphere Application Server on Windows
operating system is to have the server running under the local SYSTEM account.
To allow CIM to access the private key store you must also grant the
local SYSTEM account read permission to the private key store:
- From Windows Explorer, navigate to the private key store, right-click
the key store file name (id_rsa, for example), and select Properties.
- Select the Security tab and add the SYSTEM account
giving Read and Read & Execute permissions to the
account.
- Click OK.
What to do next
You can install the same SSH public key on other installation
targets to securely access all of your workstations.