Difference between revisions of "Configure SSH connection between servers"

Line 1: Line 1:
Manual configuration:
Manual configuration:


On GUI server:
On the GUI server:


  ifconfig <and mark IP of GUI server>
  ifconfig <and mark IP of GUI server>


  rm /var/www/.ssh/id_rsa
  # Make an SSH key set special for Passenger Apache
  rm /var/www/.ssh/id_rsa.pub
  mkdir -p /var/www/.ssh/
su apache
ssh-keygen -t rsa
<Press ENTER 3 times>
exit
chmod 700 /var/www/.ssh
cp /var/www/.ssh/id_rsa.pub /var/www/html


# Generate an RSA key with NO passcode
ssh-keygen -f /var/www/.ssh/id_rsa -q -t rsa -N


On APP (Remote) server:
# Make Apache the owner of the keys
chown -R apache:apache /var/www/.ssh/


  # move old pub file (backup)
  # Share the public key with the servers
cd /root
  cat /var/www/.ssh/id_rsa.pub | ssh USER@SERVER_IP 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
mv id_rsa.pub id_rsa.pb.old
  # Repeat this step for all the remote servers you want your GUI to connect to (change USER and SERVER_IP correspondingly)
#  download pub key from GUI server
  wget http://<GUI_SERVER_IP>/id_rsa.pub
 
mkdir /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chmod 700 /root/.ssh
# include pub key into authorize_keys file
cat /root/id_rsa.pub >> /root/.ssh/authorized_keys
  rm -rf /root/id_rsa.pub
ifconfig <and mark IP of APP server>
 
 
On GUI server:
 
su apache
ssh -o StrictHostKeyChecking=no root@<IP of APP server> -f "exit"
# should see: Warning: Permanently added '<IP of APP server>' (RSA) to the list of known hosts.
#test
ssh root@<IP of APP server>
ifconfig
#should see that you are on APP server
# log out
exit
rm -fr /var/www/html/id_rsa.pub
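Review bot: The new `ssh-keygen -f /var/www/.ssh/id_rsa -q -t rsa -N` line ends at `-N` with no value, so ssh-keygen will reject it as a missing option argument; the empty passphrase has to be spelled out, as in `ssh-keygen -f /var/www/.ssh/id_rsa -q -t rsa -N ''`. The revision also appears to drop `chmod 700 /var/www/.ssh` and the remote `chmod 700 /root/.ssh` / `chmod 600 /root/.ssh/authorized_keys` steps, and the one-liner that replaces them only runs `mkdir -p ~/.ssh`. With StrictModes, sshd ignores authorized_keys when those paths are writable by group or others, so the remote command should end with `chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys`. Because the key has no passphrase and is owned by apache, a comment recommending an unprivileged USER and a `from="<GUI server IP>"` restriction on the authorized_keys entry would be worth adding. Which lines are old and which are new is inferred from the rendered revision below the diff, since the +/- markers are not visible.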

Revision as of 10:05, 13 December 2016

Manual configuration:

On the GUI server:

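# Note the IP address of the GUI server from the output of this command
ifconfig
# Create the directory for an SSH key pair dedicated to Passenger/Apache
mkdir -p /var/www/.ssh/
# Generate an RSA key with NO passphrase. -N requires an argument, so the empty
# passphrase is passed explicitly as ''.
# The private key is stored unencrypted: anything that can read
# /var/www/.ssh/id_rsa (including code running as apache) can log in to every
# server that trusts this key.
ssh-keygen -f /var/www/.ssh/id_rsa -q -t rsa -N ''
# Make Apache the owner of the keys and keep the directory private to that user
chown -R apache:apache /var/www/.ssh/
chmod 700 /var/www/.ssh/
# Share the public key with the servers. The chmod calls set the modes sshd
# expects: with StrictModes it ignores authorized_keys when ~/.ssh or the file
# is writable by group or others.
ssh USER@SERVER_IP 'mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys' < /var/www/.ssh/id_rsa.pub
# Repeat this step for all the remote servers you want your GUI to connect to (change USER and SERVER_IP correspondingly)
# Prefer an unprivileged USER over root, and consider prefixing the key's line in
# authorized_keys with from="<GUI server IP>" so it is only accepted from the GUI server.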