Go to www.awrcorp.com
Back to search page Click to download printable version of this guide.

4.6.2. Configuring SSH

Analyst uses SSH to communicate with your cluster. To maintain security of the communication, it uses single-factor public key authentication (SSH-RSA and SSH-DSA).

Every user will need a public-private key pair. One or more individuals may access the cluster as a particular user by using the private part of the user's key pair.

Your best resource for creating and installing a key pair is your cluster administrator. The following is offered for reference if no overriding policy is already in place:

  1. As the user (not as root) enter the command ssh-keygen -t rsa at a terminal on the head node of your cluster.

  2. Assuming your local user is called "localuser" you will see output that looks like the following: Generating public/private rsa key pair. Enter file in which to save the key (/home/localuser/.ssh/id_rsa): Press Return to accept this file name and path (or enter a new name).

  3. Next, you will be prompted for a passphrase with which to secure the key. You may either enter a passphrase or leave the passphrase blank. If you leave the passphrase blank, you will be able to use the private key for authentication without entering a passphrase. If you enter a passphrase, you will need both the private key and the passphrase to log in. Your organization may have a policy governing this decision.

  4. This generates a private key, id_rsa, and a public key, id_rsa.pub, in the .ssh directory of the localuser's home directory.

  5. Next you need to add the public key to the file of known authorized users on the cluster. Again as the user (not as root) enter the command cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys at a terminal on the head node of your cluster.

  6. Restrict the permissions of the local user's .ssh directory with the command: chmod 700 ~/.ssh

  7. Restrict the permissions of the files in that directory with the command: chmod 600 ~/.ssh/*

  8. Copy the private key (~/.ssh/id_rsa) to the Windows computer from which you will run Analyst-MP. You will need to know the location of this file on the Windows system when you configure the Linux job scheduler remote host later.

  9. Remember that the private key should not be shared with anyone who should not have access to your cluster! It can be given to any person who wants to access the cluster as "localuser". See “Creating the Linux Job Scheduler Remote Host” for details on setting up user access.

If the Linux cluster has to be accessed through a remotehost/gateway, you have to install the same public-private key pair between your Linux cluster and the remote host. The public key should be installed on the remote host.

Please send email to awr.support@ni.com if you would like to provide feedback on this article. Please make sure to include the article link in the email.

Legal and Trademark Notice