How to set up passwordless SSH without the root user password on the CA Performance Managment Data Repository

Document ID : KB000009770
Last Modified Date : 01/08/2018
Show Technical Document Details

To set up a multi-node Data Repository cluster passwordless SSH  for the root user is required,
but often root access is only granted via sudo, without the knowledge of the root users password.

In this case you can still generate the public/private key-pair and distribute the public keys
by copying and pasting between the systems.

CA Performance Management, all supported versions

If you have been granted full access and can sudo su - root to become the root user, the procedure below can be followed

1. On each system you are going to install a Data Repository (DR) node, sudo su - root to become the root user and generate the public/private keypair:

ssh-keygen -N "" -t rsa -f ~/.ssh/id_rsa

This will create the following files under the .ssh directory in the home directory of the root user:

id_rsa       (private key) (public key)

These are plain text files there fore the contents of the can be copy/pasted between systems.

2) On each node, make sure the contents of the ~/.ssh/ is appended to the .ssh/authorized_keys2 file in the
    root users home directory on all the nodes in the DR cluster by copying and pasting. Each node should end up with
    the public key of every other system as well as its own.

3) To test on every system run the following replacing <hostname> with the hostname of the DR node you are connecting to:

ssh <hostname> ls

This should be done from each node to every other node and to itself and no password should be required.
Note that if this the first time two systems are connecting to each other vi SSH it may prompt you to confirm
the fingerprint of the server you are connecting to, this is normal.