Configure Keys for Additional Collection-Reporting Pairs
The second step of configuring non-interactive authentication for a hub and spoke architecture is to generate an RSA key pair on each additional collection server and copy the public key to the /tmp directory of the common reporting server as authorized_keys_n, where n uniquely identifies the source collection server.
To generate an RSA key pair on additional collection servers and copy the public key to a common reporting server:
1. Log in to the second collection server, ELM-C2, through ssh as caelmadmin.
2. Switch users to root.
3. Switch users to the caelmservice account:
   su - caelmservice
4. Generate the RSA key pair using the following command:
   ssh-keygen -t rsa
5. Press Enter to accept the default when each of the following prompts appears:
   - Enter file in which to save the key (/opt/CA/LogManager/.ssh/id_rsa):
   - Enter passphrase (empty for no passphrase):
   - Enter same passphrase again:
6. Change directories to /opt/CA/LogManager.
7. Change the permissions of the .ssh directory using the following command:
   chmod 755 .ssh
8. Navigate to .ssh, where the id_rsa.pub key is saved.
9. Copy the id_rsa.pub file to ELM-RPT, the destination CA Enterprise Log Manager server, using the following command:
   scp id_rsa.pub caelmadmin@ELM-RPT:/tmp/authorized_keys_ELM-C2
   This creates the authorized_keys_ELM-C2 file on the reporting server with the content of the public key.
10. Type yes followed by the caelmadmin password of ELM-RPT.
11. Type exit.
12. Repeat steps 1-11 of this procedure on collection server ELM-C3. For Step 9, specify the following:
    scp id_rsa.pub caelmadmin@ELM-RPT:/tmp/authorized_keys_ELM-C3
13. Repeat steps 1-11 of this procedure on collection server ELM-C4. For Step 9, specify the following:
    scp id_rsa.pub caelmadmin@ELM-RPT:/tmp/authorized_keys_ELM-C4
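
Because each public key is staged in the shared /tmp directory of ELM-RPT, it is worth confirming that a staged authorized_keys_n file holds exactly one bare RSA public key before it is used. The following check is an added example, not part of the CA documentation; the function names, the 2048-bit minimum and the sample key comment are assumptions of this example.

```python
import base64, binascii, hashlib, struct

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + size > len(blob):
            raise ValueError("field overruns blob")
        out.append(blob[off:off + size])
        off += size
    return out

def check_staged_key(text, min_bits=2048):
    """Return (modulus_bits, sha256_fingerprint) or raise ValueError."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:  # one server, one key; also rejects PEM private keys
        raise ValueError("expected exactly one key line, got %d" % len(lines))
    parts = lines[0].split()
    # The first token must be the key type: a leading options field would be
    # honoured by sshd once the line is in an authorized_keys file.
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not a bare ssh-rsa public key line")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("bad base64: %s" % exc)
    fields = _fields(blob)  # expected: b"ssh-rsa", exponent e, modulus n
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("blob is not an RSA public key")
    bits = int.from_bytes(fields[2], "big").bit_length()
    if bits < min_bits:  # min_bits is an assumption of this example
        raise ValueError("modulus is only %d bits" % bits)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return bits, "SHA256:" + digest.rstrip("=")

def _mpint(value):
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_line(bits, comment="caelmservice@ELM-C2"):
    """Constructed input: well-formed blob, not a usable RSA key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537)
    blob += _mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa %s %s\n" % (base64.b64encode(blob).decode(), comment)
```

Pass the text of a staged file such as /tmp/authorized_keys_ELM-C2 to check_staged_key and compare the returned fingerprint with the output of ssh-keygen -lf id_rsa.pub on the source collection server, on OpenSSH versions that print SHA256 fingerprints.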