Page tree
Skip to end of metadata
Go to start of metadata

Clustrix recommends configuring passwordless ssh for users who will perform management and monitoring functions (clxm). Passwordless ssh access for the daemon clxd user is required to perform upgrades.

Configuring Key Pair Authentication

Log into the Linux server using the user for whom you will configure for passwordless SSH authentication.

Generate the key pair using default filenames. Simply press ENTER when prompted for any input by the ssh-keygen utility. To be passwordless, this SSH key should have no password.

shell> ssh username@hostname
shell> ssh-keygen

The output will look like:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/clxd/.ssh/id_rsa):
Created directory '/home/clxd/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/clxd/.ssh/id_rsa.
Your public key has been saved in /home/clxd/.ssh/id_rsa.pub.
The key fingerprint is:
96:f6:07:ef:a7:cc:e3:0c:9a:44:c7:ed:33:fa:cf:62 clxd@node1

Copy the contents of the id_rsa.pub file into a new file named authorized_keys:

shell> cd ~/.ssh
shell> cat id_rsa.pub >> authorized_keys
shell> chmod 600 authorized_keys
shell> chmod 700 ~/.ssh

Now copy the contents of the ~/.ssh directory to every node in the cluster as the same Linux user. Also verify that they have the same permissions.

shell> scp -r -p ~/.ssh username@ip_of_next_server

This will make the SSH authentication credentials on all of the nodes equal so this Linux user can SSH between any of the nodes without being prompted for a password. 

id_rsa

Note: The private key file must be the default name, id_rsa, for clx to use it automatically. Non-default private key names are not supported at this time.

To verify that SSH authentication is configured correctly, run this command:

shell> /opt/clustrix/bin/clx cmd 'date'

If dates are correctly returned from each node and no passwords are requested, setup is successful. You can also run clx stat to view the cluster’s status. See The CLX Command-Line Administration Tool for more information.

Repeat these steps for any Linux user that requires passwordless SSH authentication (e.g. clxd, and the clxm users).

Now that you have configured passwordless ssh authentication, proceed to Post-Installation Configuration.

  • No labels