CLI cookbook: configuring key-based SSH authentication for automation
This topic describes how to use CLI commands to configure individual users with SSH keys to allow for password-less authentication from a remote host to the CLI in an automated environment.
What is SSH Key-based authentication?
Secure Shell (SSH) is a connection method used to log into UNIX or Linux servers remotely. With Delphix, is it used to connect to the Delphix Command Line Interface (CLI) from a remote computer. This normally requires a password on each connection; however, it is possible to use Key-based Authentication to avoid the password requirement and allow the automation of Delphix commands.
Key-based Authentication relies on a public/private key pair generated on the client system. The private key allows access to any server acknowledging the matching public key as being authorized to login. In order to configure this, a public/private key pair must be created, and the resulting public key should be added to the Delphix server using the CLI.
The default domain user created on Delphix Engines is now admin instead of delphix_admin. When engines created before 5.3.1 are upgraded to 5.3.1 or later they will retain their old username 'delphix_admin'. To avoid complications Delphix recommends creating users with an admin role and then Disabling delphix_admin.
Procedure
Consult your client documentation for information on generating a public/private key pair. The
ssh-keygen
program is typical on UNIX platforms. If you need details on ssh-keygen usage or have unique requirements (such as named RSA keys), see Third-Party SSH Key Generation Example. If you already have a public/private key pair generated on your system, you can skip to step 2.Connect as the user you wish to configure or as a Delphix administrator.
Warning: When you connect to the Delphix Engine with the CLI, you should specify the appropriate namespace (either DOMAIN or SYSTEM). See Connecting to the CLI for more information.
Select the current user, or select a specific user if configuring another user as an administrator.
CODEdelphix> user current
Update the user and set the SSH key.
CODEdelphix user "admin"> update delphix user "admin" update *> set publicKey="[PASTE KEY]" delphix user "admin" update *> commit delphix>
Note:
Avoid Newline Characters with Public Key Entry The public key value, which can be quite long, must be entered as a single string with no newlines. When copying and pasting the public key, be sure to avoid introducing any newline characters. For more information on how to manage multiple public keys for password-less user authentication on Delphix, please visit this Knowledge Base article.
Verify you can authenticate through the Delphix CLI without a passphrase.
Example Using Default SSH Key
CODEssh admin@DOMAIN@delphix-server.example.com Last login: Thu Dec 13 22:16:28 2012 from 192.168.0.2 delphix>
Example Using a Non-default SSH Key File Located at path/to/delphix_key
CODEssh -i path/to/delphix_key admin@DOMAIN@delphix-server.example.com Last login: Thu Dec 13 22:16:28 2012 from 192.168.0.2 delphix>