

Configure Keys for Additional Collection-Reporting Pairs

The second step of configuring non-interactive authentication for a hub and spoke architecture is to generate an RSA key pair on each additional collection server and copy its public key to the /tmp directory of the common reporting server as authorized_keys_n, where n uniquely references the source collection server.

To generate an RSA key pair on additional collection servers and copy the public key to a common reporting server:

  1. Log in to the second collection server ELM-C2 through ssh as caelmadmin.
  2. Switch users to root.
  3. Switch users to the caelmservice account.
    su - caelmservice
    
  4. Generate the RSA key pair using the following command:
    ssh-keygen -t rsa
    
  5. Press Enter to accept the default when each of the following prompts appears:
  6. Change directories to /opt/CA/LogManager.
  7. Change the permissions of the .ssh directory using the following command:
    chmod 755 .ssh
    
  8. Navigate to .ssh, where the id_rsa.pub key is saved.
  9. Copy the id_rsa.pub file to ELM-RPT, the destination CA User Activity Reporting Module server, using the following command:
    scp id_rsa.pub caelmadmin@ELM-RPT:/tmp/authorized_keys_ELM-C2
    

    This creates the authorized_keys_ELM-C2 file on the reporting server with the content of the public key.

  10. Type yes followed by the caelmadmin password of ELM-RPT.
  11. Type exit.
  12. Repeat steps 1-11 of this procedure on collection server ELM-C3. For Step 9 specify the following:
    scp id_rsa.pub caelmadmin@ELM-RPT:/tmp/authorized_keys_ELM-C3
    
  13. Repeat steps 1-11 of this procedure on collection server ELM-C4. For Step 9 specify the following:
    scp id_rsa.pub caelmadmin@ELM-RPT:/tmp/authorized_keys_ELM-C4
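
Once the copies are complete, the staged files on ELM-RPT can be checked before they are used. The following script is an added example, not part of the CA documentation: it confirms that each /tmp/authorized_keys_n file holds exactly one ssh-rsa public key and no private key material. The function names and the sample key text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not CA code. Function names are hypothetical.
# check_staged_key FILE -> 0 ok, 1 unreadable, 2 private key material,
# 3 not exactly one key line, 4 not an ssh-rsa public key line.
check_staged_key() {
    key_file=$1
    [ -f "$key_file" ] && [ -r "$key_file" ] || return 1
    # Copying id_rsa instead of id_rsa.pub would stage the private key.
    if grep -q -e 'PRIVATE KEY-----' "$key_file"; then return 2; fi
    # Each collection server contributes exactly one public key.
    count=$(grep -c -v -e '^[[:space:]]*$' "$key_file" || true)
    [ "$count" -eq 1 ] || return 3
    # Field 1 names the key type; field 2 is base64 whose leading bytes
    # encode the same type string ("ssh-rsa" encodes to AAAAB3NzaC1yc2E).
    awk 'NF { ok = ($1 == "ssh-rsa" && $2 ~ "^AAAAB3NzaC1yc2E[A-Za-z0-9+/]+=*$") }
         END { exit (ok ? 0 : 1) }' "$key_file" || return 4
    return 0
}

# Check every authorized_keys_<n> file in DIR (default /tmp).
check_all_staged() {
    dir=${1:-/tmp}; bad=0
    for staged in "$dir"/authorized_keys_*; do
        [ -e "$staged" ] || continue
        rc=0; check_staged_key "$staged" || rc=$?
        printf '%s rc=%s\n' "$staged" "$rc"
        [ "$rc" -eq 0 ] || bad=1
    done
    return "$bad"
}

# Constructed sample files (not real keys): ELM-C2 is well formed,
# ELM-C3 holds private key material, ELM-C4 holds two keys.
make_samples() {
    d=$(mktemp -d)
    pub='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedSAMPLE caelmservice@ELM-C2'
    printf '%s\n' "$pub" > "$d/authorized_keys_ELM-C2"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed' > "$d/authorized_keys_ELM-C3"
    printf '%s\n' "$pub" "$pub" > "$d/authorized_keys_ELM-C4"
    echo "$d"
}

check_all_staged "$(make_samples)" || echo 'one or more staged files failed'
```

On the reporting server itself, call check_all_staged with no argument to inspect /tmp instead of the constructed samples.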