Chapter 6. Generating a cryptographic key pair


To ensure secure data transmission between the Red Hat Update Appliance (RHUA), content delivery system (CDS), and HAProxy nodes, and to use rhui-manager to set up those nodes, you must generate a key pair on the RHUA node and copy the public key to CDS and HAProxy nodes.

You can generate either an RSA or an ECDSA key, depending on your use case.

6.1. Generating an RSA key pair

The following steps explain how to generate an RSA key pair for version 2 of the SSH protocol.

Procedure

  1. On the RHUA node, run the ssh-keygen command with the RSA argument, and save the key in the default location.

    Warning

    Leave the passphrase field blank. CDS installation and registration fail if you provide a passphrase while generating the key pair.

    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/USER/.ssh/id_rsa):
    Created directory '/home/USER/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/USER/.ssh/id_rsa.
    Your public key has been saved in /home/USER/.ssh/id_rsa.pub.
    The key fingerprint is:
    e7:97:c7:e2:0e:f9:0e:fc:c4:d7:cb:e5:31:11:92:14 USER@rhua.example.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    |             E.  |
    |            . .  |
    |             o . |
    |              . .|
    |        S .    . |
    |         + o o ..|
    |          * * +oo|
    |           O +..=|
    |           o*  o.|
    +-----------------+
  2. Confirm that the permissions for the ~/.ssh/ directory are set to rwx------, or 700 in octal notation.

    $ ls -ld ~/.ssh
    drwx------. 2 USER USER 54 Nov 25 16:56 /home/USER/.ssh/
  3. Copy the public key to the CDS and HAProxy nodes.

    $ ssh-copy-id user@<haproxy1>
    $ ssh-copy-id user@<cds1>
    $ ssh-copy-id user@<cds2>

6.2. Generating an ECDSA key pair

The following steps explain how to generate an ECDSA key pair for version 2 of the SSH protocol.

Procedure

  1. On the RHUA node, run the ssh-keygen command with the ECDSA argument, and save the key in the default location.

    Warning

    Leave the passphrase field blank. CDS installation and registration fail if you provide a passphrase while generating the key pair.

    $ ssh-keygen -t ecdsa
    Generating public/private ecdsa key pair.
    Enter file in which to save the key (/home/USER/.ssh/id_ecdsa):
    Created directory '/home/USER/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/USER/.ssh/id_ecdsa.
    Your public key has been saved in /home/USER/.ssh/id_ecdsa.pub.
    The key fingerprint is:
    fd:1d:ca:10:52:96:21:43:7e:bd:4c:fc:5b:35:6b:63 USER@rhua.example.com
    The key's randomart image is:
    +--[ECDSA  256]---+
    |       .+ +o     |
    |       . =.o     |
    |        o o +  ..|
    |         + + o  +|
    |        S o o oE.|
    |           + oo+.|
    |            + o  |
    |                 |
    |                 |
    +-----------------+
  2. Confirm that the permissions for the ~/.ssh/ directory are set to rwx------, or 700 in octal notation.

    $ ls -ld ~/.ssh
    drwx------. 2 USER USER 54 Nov 25 16:56 /home/USER/.ssh/
  3. Copy the public key to the CDS and HAProxy nodes.

    $ ssh-copy-id user@<haproxy1>
    $ ssh-copy-id user@<cds1>
    $ ssh-copy-id user@<cds2>
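
Because the key pair has no passphrase, file permissions are the only protection for the private key on the RHUA node. The following script is an added example, not part of the Red Hat procedure: it combines the step 2 directory check with a check that the key loads without a passphrase, for either key type. The function names are hypothetical, and the private key mode check goes beyond what the steps above require.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check to run on the RHUA node before ssh-copy-id.
# All function names here are hypothetical helpers, not RHUI tooling.

# Print the nine permission characters of a path as `ls -ld` shows them,
# dropping the file-type character and any trailing SELinux "." or ACL "+".
mode_of() {
    ls -ld -- "$1" | cut -c2-10
}

# Step 2 of the procedure: the directory must be exactly rwx------ (700).
ssh_dir_ok() {
    [ -d "$1" ] && [ "$(mode_of "$1")" = "rwx------" ]
}

# Extra check (assumption, not in the procedure): group and other must have
# no access to the private key file.
private_key_ok() {
    [ -f "$1" ] || return 1
    case "$(mode_of "$1")" in
        ???------) return 0 ;;
        *) return 1 ;;
    esac
}

# The key must load with an empty passphrase. -y derives the public key from
# the private key; -P "" supplies an empty passphrase so nothing is prompted.
key_has_no_passphrase() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Run every check against one private key path, for example ~/.ssh/id_rsa or
# ~/.ssh/id_ecdsa. Returns 0 only if all checks pass.
preflight() {
    key="$1"
    dir="$(dirname -- "$key")"
    rc=0
    ssh_dir_ok "$dir" || { echo "FAIL: $dir is not mode 700" >&2; rc=1; }
    private_key_ok "$key" || { echo "FAIL: $key missing or open to group/other" >&2; rc=1; }
    [ -f "$key.pub" ] || { echo "FAIL: $key.pub not found" >&2; rc=1; }
    key_has_no_passphrase "$key" || { echo "FAIL: $key needs a passphrase or cannot be loaded" >&2; rc=1; }
    return "$rc"
}
```

After sourcing the file, run `preflight ~/.ssh/id_rsa` (or `~/.ssh/id_ecdsa`) and copy the public key only when it returns 0.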