Chapter 6. Generating a cryptographic key pair
To ensure secure data transmission between the Red Hat Update Appliance (RHUA), content delivery system (CDS), and HAProxy nodes, and to use rhui-manager to set up those nodes, you must generate a key pair on the RHUA node and copy the public key to CDS and HAProxy nodes.
You can generate either an RSA or an ECDSA key, depending on your use case.
6.1. Generating an RSA key pair
The following steps explain how to generate an RSA key pair for version 2 of the SSH protocol.
Procedure
On the RHUA node, run the ssh-keygen command with the RSA argument, and save the key in the default location.
Warning: Leave the passphrase field blank. CDS installation and registration fail if you provide a passphrase while generating the key pair.
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/USER/.ssh/id_rsa):
Created directory '/home/USER/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/USER/.ssh/id_rsa.
Your public key has been saved in /home/USER/.ssh/id_rsa.pub.
The key fingerprint is:
e7:97:c7:e2:0e:f9:0e:fc:c4:d7:cb:e5:31:11:92:14 USER@rhua.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| E. |
| . . |
| o . |
| . .|
| S . . |
| + o o ..|
| * * +oo|
| O +..=|
| o* o.|
+-----------------+
Confirm that the permissions for the ~/.ssh/ directory are set to rwx------, or 700 in octal notation.
$ ls -ld ~/.ssh
drwx------. 2 USER USER 54 Nov 25 16:56 /home/USER/.ssh/
Copy the public key to the CDS and HAProxy nodes.
$ ssh-copy-id user@<haproxy1>
$ ssh-copy-id user@<cds1>
$ ssh-copy-id user@<cds2>
6.2. Generating an ECDSA key pair
The following steps explain how to generate an ECDSA key pair for version 2 of the SSH protocol.
Procedure
On the RHUA node, run the ssh-keygen command with the ECDSA argument, and save the key in the default location.
Warning: Leave the passphrase field blank. CDS installation and registration fail if you provide a passphrase while generating the key pair.
$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/USER/.ssh/id_ecdsa):
Created directory '/home/USER/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/USER/.ssh/id_ecdsa.
Your public key has been saved in /home/USER/.ssh/id_ecdsa.pub.
The key fingerprint is:
fd:1d:ca:10:52:96:21:43:7e:bd:4c:fc:5b:35:6b:63 USER@rhua.example.com
The key's randomart image is:
+--[ECDSA 256]---+
| .+ +o |
| . =.o |
| o o + ..|
| + + o +|
| S o o oE.|
| + oo+.|
| + o |
| |
| |
+-----------------+
Confirm that the permissions for the ~/.ssh/ directory are set to rwx------, or 700 in octal notation.
$ ls -ld ~/.ssh
drwx------. 2 USER USER 54 Nov 25 16:56 /home/USER/.ssh/
Copy the public key to the CDS and HAProxy nodes.
$ ssh-copy-id user@<haproxy1>
$ ssh-copy-id user@<cds1>
$ ssh-copy-id user@<cds2>
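
The conditions that the procedures in 6.1 and 6.2 depend on (a ~/.ssh/ directory at mode 700 and a key generated with an empty passphrase) can be checked before running ssh-copy-id. The following script is an added example, not part of the Red Hat documentation; the function names and the preflight.sh file name are hypothetical, and the private-key mode and public-key match checks go beyond what the procedures state.

```shell
#!/bin/sh
# Added example (not from the RHUI documentation): pre-flight checks on the
# RHUA key pair before ssh-copy-id. Usage: sh preflight.sh ~/.ssh/id_rsa
# Function names and the script name are hypothetical.

# perm_string PATH: first 10 characters of `ls -ld`, for example drwx------
perm_string() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# check_ssh_dir DIR: succeed only if DIR is a directory with mode 700.
check_ssh_dir() { [ -d "$1" ] && [ "$(perm_string "$1")" = "drwx------" ]; }

# check_key_mode KEY: the private key must be accessible by its owner only.
check_key_mode() {
    case "$(perm_string "$1")" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# key_has_empty_passphrase KEY: -P '' supplies an empty passphrase, so -y can
# derive the public key only if the private key is stored unencrypted.
key_has_empty_passphrase() {
    ssh-keygen -y -P '' -f "$1" </dev/null >/dev/null 2>&1
}

# pub_matches_private KEY: KEY.pub (the file ssh-copy-id installs) must hold
# the same key type and blob as the public key derived from KEY.
pub_matches_private() {
    derived=$(ssh-keygen -y -P '' -f "$1" </dev/null 2>/dev/null | cut -d' ' -f1,2)
    [ -n "$derived" ] && [ "$derived" = "$(cut -d' ' -f1,2 "$1.pub")" ]
}

# preflight KEY: run every check, report each failure, return non-zero on any.
preflight() {
    key=$1; rc=0
    check_ssh_dir "$(dirname "$key")" || { echo "FAIL: $(dirname "$key") is not mode 700"; rc=1; }
    check_key_mode "$key" || { echo "FAIL: $key is not mode 600 or 400"; rc=1; }
    key_has_empty_passphrase "$key" || { echo "FAIL: $key has a passphrase or is unreadable"; rc=1; }
    pub_matches_private "$key" || { echo "FAIL: $key.pub does not match $key"; rc=1; }
    # On success, print the fingerprint so it can be compared on the other nodes.
    [ "$rc" -eq 0 ] && ssh-keygen -l -f "$key.pub"
    return "$rc"
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

For an ECDSA key, pass ~/.ssh/id_ecdsa instead of ~/.ssh/id_rsa.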