Using Public Private Key Authentication with mm-tools
Users are authenticated using certificates when performing deploy and remote start and stop operations.
Procedure
On the computer hosting the MM server, use a utility to create a public/private key pair. The ssh-keygen utility is widely available. Two files are generated. They are referred to as follows:
PK_FILE_NAME: The file containing the private key
PK_FILE_NAME.pub: The file containing the public key
Optionally, you can specify a passphrase.
Place both generated files in the same directory on the computer hosting the MM server. For example, put them in BE_HOME/mm/certificates.
On computers hosting the to-be-monitored cluster PUs that you want to remotely deploy, start, or stop, copy the contents of the file PK_FILE_NAME.pub to the file containing the list of authorized keys for the user who will be logging in remotely.
For example, for SSH using certificates for authentication, the authorized keys file is called 'authorized_keys' and it is stored in the .ssh directory of the user who will be logging in remotely, that is, in ~/.ssh/authorized_keys.
When executing a command with mm-tools, use these new options:
-pkf The fully qualified path to the PK_FILE_NAME file, that is, the file with the private key.
-pph The passphrase, if you specified one when creating the public/private key pair. (One example below shows the -pph option.)
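
The key setup described in this procedure, as an added shell example (not from the original documentation or from the product). The function names, the RSA 4096-bit key type and the paths passed in are assumptions; the functions create the key pair on the MM server host and add the public key to a PU host's authorized_keys idempotently, with owner-only permissions.

```shell
#!/bin/sh
# Added example; function names, key type and paths are assumptions.

# On the MM server host: create PK_FILE_NAME and PK_FILE_NAME.pub in one directory.
make_keypair() {  # usage: make_keypair <directory> <PK_FILE_NAME>
    dir=$1; name=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Never overwrite an existing private key.
    if [ -e "$dir/$name" ]; then
        echo "refusing to overwrite $dir/$name" >&2
        return 1
    fi
    # ssh-keygen prompts for the optional passphrase.
    ssh-keygen -t rsa -b 4096 -f "$dir/$name" || return 1
    chmod 600 "$dir/$name"
}

# On each host running the PUs: add the public key for the remote login user.
install_pubkey() {  # usage: install_pubkey <PK_FILE_NAME.pub> <remote user's home>
    pub=$1; home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Guard against copying the private key file by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append each key line only if it is not already present.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
    return 0
}

# Usage (paths are placeholders):
#   make_keypair "$BE_HOME/mm/certificates" PK_FILE_NAME    # MM server host
#   install_pubkey /path/to/PK_FILE_NAME.pub "$HOME"        # each PU host
```

A passphrase passed with -pph on the command line can appear in shell history and process listings on the MM server host, so limit who can log in there.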