Cluster SSH Configuration

When configuring a Linux application server cluster, the OS account that runs the STEP software (default ‘stibosw’) must be able to log in via SSH (Secure Shell) between the application servers without being prompted for a password. This access is provided by public key authentication.

SSH Setup

  1. Select one machine to be the temporary master. This machine is where the initial commands will be run.

  2. On the master machine, create a temporary folder in the shared storage area (default /workarea), for example:

    cd /workarea
    mkdir tmpkeys
    
  3. On the same machine, enter the following commands with the stibosw account:

    ssh-keygen -t rsa -b 3072   
    cp -pa ~/.ssh/id_rsa.pub /workarea/tmpkeys/id_rsa-$(hostname).pub
    

Note: Accept all defaults.

  4. On every other machine in the cluster (all except the master), enter the following commands with the stibosw account:

    ssh-keygen -t rsa -b 3072
    cp -pa ~/.ssh/id_rsa.pub /workarea/tmpkeys/id_rsa-$(hostname).pub
    touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys

Note: Accept all defaults.

  5. On the master machine again, enter the following commands with the stibosw account:

    cd /workarea/tmpkeys
    # Combine every collected public key into one file
    for k in *.pub; do cat "$k" >> id_rsa.all; done
    # Append the combined keys to this machine's authorized_keys
    cat id_rsa.all >> ~/.ssh/authorized_keys

  6. Still on the master machine, run the following command with the stibosw account:

    cat /workarea/tmpkeys/id_rsa.all | ssh stibosw@{SERVER_NAME} 'cat >> ~/.ssh/authorized_keys'

    In the command, {SERVER_NAME} refers to the name of the next application server in the cluster. For example, if application server 1 is the temporary master, {SERVER_NAME} would refer to application server 2.

  7. Repeat the command from the previous step for each of the remaining application servers in the cluster.

  8. Once the SSH key exchange is done, the stibosw user can SSH to any other machine in the cluster using public key authentication.

  9. After confirming that public key authentication is working, the /workarea/tmpkeys directory can be deleted from the system.
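
The following check is an added example, not part of the original procedure or of the STEP software. Run it on each node before deleting /workarea/tmpkeys: it confirms that authorized_keys contains every collected public key, flags any entry that did not come from the shared folder, checks the file is not group- or world-writable, and tests key login without a password prompt. The function names are hypothetical, and it assumes one key per line, copied verbatim as in the steps above.

```shell
# Added example: audit authorized_keys against the keys collected in tmpkeys.
# Assumes one key per line, copied verbatim; function names are hypothetical.

# Print the path of each *.pub file in dir $1 whose key is absent from file $2.
missing_keys() {
    for pub in "$1"/*.pub; do
        [ -f "$pub" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            [ -n "$line" ] || continue
            grep -qxF -- "$line" "$2" || printf '%s\n' "$pub"
        done < "$pub"
    done
}

# Print each key line in file $2 that matches no *.pub file in dir $1.
unexpected_keys() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        grep -qxF -- "$line" "$1"/*.pub 2>/dev/null || printf '%s\n' "$line"
    done < "$2"
}

# Succeed only if $1 is not writable by group or others
# (sshd's default StrictModes refuses such files).
perms_ok() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Succeed only if host $1 accepts key login for stibosw.
# BatchMode makes ssh fail instead of prompting for a password.
key_login_ok() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "stibosw@$1" true
}

# Run the offline checks: audit <key folder> <authorized_keys file>
audit() {
    rc=0
    m=$(missing_keys "$1" "$2"); u=$(unexpected_keys "$1" "$2")
    [ -z "$m" ] || { echo "MISSING from $2: $m"; rc=1; }
    [ -z "$u" ] || { echo "UNEXPECTED in $2: $u"; rc=1; }
    perms_ok "$2" || { echo "BAD PERMISSIONS: $2"; rc=1; }
    return $rc
}
```

With the page's defaults this is called as `audit /workarea/tmpkeys ~/.ssh/authorized_keys`, followed by `key_login_ok` with each server name. An UNEXPECTED entry is a prompt for review, since the account may hold keys that were authorized before this procedure.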