

Create a Single Public Key File on the Reporting Server and Set File Ownership

In our scenario thus far, we have generated key pairs on each collection server and copied the public key portion to the reporting server as the following files:

Step 3 is to concatenate these files, move the resulting RSA public key file to the correct directory, and set directory and file ownership to caelmservice.

To create a combined public key file in the correct directory on the reporting server and set file ownership

  1. Log in to the reporting CA User Activity Reporting Module server through SSH as caelmadmin.
  2. Switch users to root.
  3. Change directories to the CA User Activity Reporting Module folder:
    cd /opt/CA/LogManager
    
  4. Create the .ssh folder:
    mkdir .ssh
    
  5. Change the ownership of the new folder to the caelmservice user and group:
    chown caelmservice:caelmservice .ssh
    
  6. Change directories to /tmp.
  7. Add the contents of the public keys from the collection servers ELM-C2, ELM-C3, and ELM-C4 to the authorized_keys file that contains the public key from ELM-C1.
    cat authorized_keys_ELM-C2 >> authorized_keys
    
    cat authorized_keys_ELM-C3 >> authorized_keys
    
    cat authorized_keys_ELM-C4 >> authorized_keys
    
  8. Change directories to /opt/CA/LogManager/.ssh.
  9. Copy the authorized_keys file from the /tmp folder to the current folder, .ssh:
    cp /tmp/authorized_keys .
    
  10. Change the ownership of the authorized_keys file to the caelmservice account:
    chown caelmservice:caelmservice authorized_keys
    
  11. Change the permissions on the file:
    chmod 755 authorized_keys
    

    755 means read and execute access for everyone and read, execute, and write access for the owner of the file.

This completes the configuration of password-less authentication between the collection servers and the reporting server.
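
A re-runnable variant of steps 7 through 11, given as an added example that is not part of the CA documentation: it rebuilds the combined file from the per-server files instead of appending with `cat >>`, so a source file without a trailing newline cannot fuse two keys onto one line, and running it twice does not duplicate entries. The helper names `merge_keys` and `writable_by_others` are hypothetical, and the inputs are assumed to be one-line OpenSSH public keys without an options prefix.

```shell
#!/bin/sh
# Added example, not CA's script. merge_keys and writable_by_others are
# hypothetical helper names.

# merge_keys OUT IN...  Rebuild OUT from the IN files. Returns non-zero and
# leaves OUT untouched if a non-comment line is not "<type> <base64> [comment]".
merge_keys() {
    out=$1; shift
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    # awk ends a record at end of file, so an input without a trailing
    # newline cannot fuse two keys into one line the way "cat a >> b" can.
    if awk '
        { sub(/\r$/, "") }                       # tolerate CRLF from file transfer
        /^[ \t]*$/ || /^[ \t]*#/ { next }        # skip blank lines and comments
        NF < 2 || $1 !~ "^(ssh-|ecdsa-sha2-)" || $2 !~ "^[A-Za-z0-9+/]+=*$" {
            print "rejected " FILENAME ":" FNR > "/dev/stderr"; bad = 1; next
        }
        !seen[$1 " " $2]++                       # print each type+blob once
        END { exit bad + 0 }
    ' "$@" > "$tmp"; then
        chmod 755 "$tmp" && mv "$tmp" "$out"     # mode from step 11
    else
        rm -f "$tmp"; return 1
    fi
}

# writable_by_others FILE  Succeeds if group or other can write FILE, which
# sshd refuses for authorized_keys when StrictModes is enabled.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}
```

Run as root from /tmp, the call would be `merge_keys /opt/CA/LogManager/.ssh/authorized_keys authorized_keys authorized_keys_ELM-C2 authorized_keys_ELM-C3 authorized_keys_ELM-C4`; the `chown caelmservice:caelmservice` from step 10 still has to follow, because the rebuilt file is owned by the user who ran the merge.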