Using Public/Private Key Authentication with mm-tools

Users are authenticated using certificates when performing deploy and remote start and stop operations.

Procedure

  1. On the computer hosting the MM server, use a utility to create a public/private key pair. The ssh-keygen utility is widely available. Two files are generated. They are referred to as follows:
    PK_FILE_NAME: The file containing the private key

    PK_FILE_NAME.pub: The file containing the public key

    Optionally, you can specify a passphrase.

    Place both generated files in the same directory on the computer hosting the MM server. For example, put them in BE_HOME/mm/certificates.

  2. On computers hosting the to-be-monitored cluster PUs that you want to remotely deploy, start, or stop, copy the contents of the file PK_FILE_NAME.pub to the file containing the list of authorized keys for the user who will be logging in remotely.

    For example, for SSH using certificates for authentication, the authorized keys file is called 'authorized_keys' and it is stored in the .ssh directory of the user who will be logging in remotely, that is, in ~/.ssh/authorized_keys.

  3. When executing a command with mm-tools, use these new options:

    -pkf The fully qualified path to the PK_FILE_NAME file, that is, the file with the private key.

    -pph The passphrase, if you specified one when creating the public/private key pair. (One example below shows the -pph option.)
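The key setup in steps 1 and 2, as an added shell sketch that is not part of the product documentation and does not call mm-tools itself. The function names, the RSA 4096 key type, and the permission modes are assumptions; use a key type and file format that your mm-tools version accepts.

```shell
#!/bin/sh
# Added example: helper functions for steps 1 and 2 (names are hypothetical).

# Step 1, on the MM server. $1 = directory (for example BE_HOME/mm/certificates),
# $2 = PK_FILE_NAME, $3 = passphrase ("" for none).
make_keypair() {
    dir=$1; name=$2; pass=$3
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ -e "$dir/$name" ]; then
        echo "refusing to overwrite $dir/$name" >&2; return 1
    fi
    # Key type and size are assumptions, not taken from the page.
    ssh-keygen -q -t rsa -b 4096 -N "$pass" -f "$dir/$name" || return 1
    chmod 600 "$dir/$name" && chmod 644 "$dir/$name.pub"
}

# Step 2, on each PU host, run as the user who logs in remotely.
# $1 = copy of PK_FILE_NAME.pub, $2 = authorized keys file.
install_pubkey() {
    pub=$1; auth=${2:-$HOME/.ssh/authorized_keys}
    # Read only the first line; tolerate a missing trailing newline.
    IFS= read -r key < "$pub" || [ -n "$key" ] || return 1
    # Reject anything that is not "<type> <base64> [comment]", which also
    # catches the private key file being copied by mistake.
    case $key in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if the exact line is not already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Check before passing a file to -pkf: returns 0 only if the file exists
# and grants no access to group or other.
key_perms_ok() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}
```

A passphrase supplied with -pph is a command-line argument, so it can appear in the process list and shell history on the MM server.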