Implementation Guide › Configuring Services › Configuring the Event Log Store › Example: Configure Non-Interactive Authentication for Hub and Spoke › Configure Keys for the Reporting-Remote Storage Pair

Configure Keys for the Reporting-Remote Storage Pair

After you configure and validate non-interactive authentication from each collection server to the reporting server, you configure and validate non-interactive authentication from the reporting server to the remote storage server.

For the example scenario, configuration begins with generating a new RSA key pair on the reporting server, ELM-RPT, and copying the public key as authorized_keys to the /tmp directory of the remote storage server, RSS.

To generate an RSA key pair on the reporting server and copy it to the remote storage server

1. Log into the reporting server as caelmadmin.
2. Switch users to root.
3. Switch users to the caelmservice account.

   su - caelmservice
   

4. Generate the RSA key pair using the following command:

   ssh-keygen -t rsa
   

5. Press Enter to accept the default when each of the following prompts appears:
   • Enter file in which to save the key (/opt/CA/LogManager/.ssh/id_rsa):
   • Enter passphrase (empty for no passphrase):
   • Enter same passphrase again:
6. Change directories to opt/CA/LogManager.
7. Change the permissions of the .ssh directory using the following command:

   chmod 755 .ssh
   

8. Navigate to the .ssh folder.
9. Copy the id_rsa.pub file to RSS, the destination remote storage server, using the following command:

   scp id_rsa.pub caelmadmin@RSS:/tmp/authorized_keys
   

   This creates the authorized_keys file in the /tmp directory on the remote storage server with the content of the public key.