Implementation Guide › Configuring Services › Configuring the Event Log Store › Example: Configure Non-Interactive Authentication for Hub and Spoke › Configure Keys for First Collection-Reporting Pair

Configure Keys for First Collection-Reporting Pair

Configuring non-interactive authentication for a hub and spoke architecture begins with generating an RSA public key/private key pair on a collection server and copying the public key to its reporting server. You copy the public key file with the name authorized_keys. Assume that this key is the first public key copied to the specified reporting server.

To generate a key pair on the first collection server and copy the public key to a reporting server

1. Log into the ELM-C1 through ssh as the caelmadmin user.
2. Switch users to root.

   su -
   

3. Switch users to the caelmservice account.

   su - caelmservice
   

4. Generate the RSA key pair using the following command:

   ssh-keygen -t rsa
   

5. Press Enter to accept the default when each of the following prompts appears:
   • Enter file in which to save the key (/opt/CA/LogManager/.ssh/id_rsa):
   • Enter passphrase (empty for no passphrase):
   • Enter same passphrase again:
6. Change directories to opt/CA/LogManager.
7. Change the permissions of the .ssh directory using the following command:

   chmod 755 .ssh
   

8. Navigate to .ssh, where id_rsa.pub key is saved.

   cd .ssh
   

9. Copy the id_rsa.pub file to ELM-RPT, the destination CA User Activity Reporting Module server, using the following command:

   scp id_rsa.pub caelmadmin@ELM-RPT:/tmp/authorized_keys
   

   This creates the authorized_keys file on the reporting server with the content of the public key.