H.3. Generating the Keys

In this example, we will generate a pair of files, called rivendell_key and rivendell_key.pub. The first file (rivendell_key) is the private key (also known as the identity file), and will remain on the Rivendell system where it was generated, while the other (rivendell_key.pub) is the public key, which will be deployed to the remote server(s) with which Rivendell will be interacting.

H.3.1. Procedure

Open a command line window on the Rivendell system. (This is sometimes also referred to as a "Terminal" or a "Console", depending upon the desktop environment being used.)

The Terminal Window

Enter the command to become the 'root' user. On CentOS/RedHat systems, the command to do this is su -, while on Debian/Ubuntu-based systems it is sudo su -. In either case, you will be prompted to enter a password. Enter the password and then press the ENTER key.

Note

You may not see anything echo to the screen while entering the password. This is normal!

You should see the prompt in the terminal change from the dollar sign [$] to a pound sign [#] to signify that the window now has 'root' permissions.

Ordinary Prompt

"Root" Prompt

At the root prompt, enter the following command, followed by the [Enter] key: ssh-keygen -t rsa

The system will respond with:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):

Enter the following location to save the key pair: /usr/share/rivendell/keys/id_rsa_rivendell, followed by the [Enter] key.

The system will respond with:

Enter passphrase (empty for no passphrase):

Enter a passphrase, followed by the [Enter] key. The system will prompt you to repeat the passphrase:

Enter same passphrase again:

Enter the passphrase again, followed by [Enter]. You should then see output similar to:

Your identification has been saved in /usr/share/rivendell/keys/id_rsa_rivendell.
Your public key has been saved in /usr/share/rivendell/keys/id_rsa_rivendell.pub.
The key fingerprint is:
SHA256:Obdzp8PaV5D68AJULnz+XJjXUmojNqygdu2+blAuaWk root@frozone.paravelsystems.com
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|            .    |
|         . o   . |
|         .= o o .|
|        S*.= . *.|
|        Eoo.O B =|
|       + =o=.X.* |
|      o . +++o*  |
|     . . =*oo+   |
+----[SHA256]-----+

Note

The passphrase is your final line of defense against a malicious actor should they get hold of a copy of your private key. Choose a long phrase that is not easily guessable.

Caution

You will need to enter the passphrase each time you add an RDCatch event or RSS Feed that uses this identity!

Next, set the ownership of the private key to the rivendell user and group by doing:

chown rivendell:rivendell /usr/share/rivendell/keys/id_rsa_rivendell

followed by the [Enter] key.

The public key now resides at /usr/share/rivendell/keys/id_rsa_rivendell.pub, and can be deployed on remote servers. The private key (ssh identity) resides at /usr/share/rivendell/keys/id_rsa_rivendell. Open RDAdmin, touch Manage Hosts, select the name of the host being configured and then touch the Edit button to open the Edit Host dialog. Enter the location of the private key in the SSH Ident. File field, then touch the OK button.

Populating the SSH Ident. File Field
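
To confirm the result of the steps above before deploying the public key, the following added example (not part of the Rivendell documentation) checks that the identity file is owned by the expected user, is readable only by its owner, and is passphrase-protected, then prints the public key fingerprint. The function names are hypothetical; it assumes GNU stat and OpenSSH's ssh-keygen, and should be run as root or as the rivendell user so the key is readable.

```shell
#!/bin/sh
# Added example: audit the identity file created by the procedure above.
# Function names are hypothetical. Assumes GNU stat and OpenSSH ssh-keygen.

# Succeeds only if FILE ($1) is owned by OWNER ($2) with mode 600 or 400.
key_perms_ok() {
    [ -f "$1" ] || { echo "$1: not found" >&2; return 1; }
    owner=$(stat -c '%U' "$1")
    mode=$(stat -c '%a' "$1")
    [ "$owner" = "$2" ] || {
        echo "$1: owner is $owner, expected $2" >&2; return 1; }
    case $mode in
        600|400) return 0 ;;
        *) echo "$1: mode is $mode, expected 600 or 400" >&2; return 1 ;;
    esac
}

# Returns 0 if the private key is passphrase-protected, 1 if it is not,
# 2 if the file is unreadable or does not look like a private key.
# ssh-keygen -y loads the key; with -P '' that only works when the
# passphrase is empty, so a failure here means the key is encrypted.
key_has_passphrase() {
    [ -r "$1" ] && grep -q 'PRIVATE KEY-----' "$1" || return 2
    ! ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Full audit: permissions, passphrase, then the public key fingerprint,
# which can be compared with the copy deployed on the remote server(s).
audit_key() {
    key_perms_ok "$1" "$2" || return 1
    if ! key_has_passphrase "$1"; then
        echo "$1: no passphrase set, or not a readable private key" >&2
        return 1
    fi
    ssh-keygen -lf "$1.pub"
}

# Run when a key path is given, for example:
#   sh audit_key.sh /usr/share/rivendell/keys/id_rsa_rivendell rivendell
if [ "$#" -ge 1 ]; then
    audit_key "$1" "${2:-rivendell}"
fi
```

The permission check runs first because ssh-keygen refuses to load a private key that other users can read, which would otherwise be misreported as a passphrase failure.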