Hi,

Nikhil Mone

In this article we will discuss how to authenticate with the server, generate new SSH keys, and manage multiple SSH keys for OpenShift user accounts. OpenShift uses the Secure Shell (SSH) network protocol to authenticate your account credentials to the OpenShift servers for secure communication. Successful authentication is necessary to manage your cloud environment, and OpenShift supports both RSA and DSA keys.

The scenario here is a newly created user “testuser” and a machine that has never communicated with the OpenShift server; the requirement is to manage the cloud apps from this new machine.

How to create a new key and authenticate with the OpenShift server:

Step-1 : Manually generate a new pair of keys:

$ ssh-keygen -t <key type>

where <key type> is the type of key you want to generate, either dsa or rsa.

For example :

..
[testuser@testuser ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/testuser/.ssh/id_rsa.
Your public key has been saved in /home/testuser/.ssh/id_rsa.pub.
The key fingerprint is:
9e:96:1c:b2:a6:6a:c2:92:d5:c6:67:c3:87:70:b1:21 testuser@testuser.csb
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|    E o          |
|     . +         |
|    . o          |
|   o +..S        |
|  . + *=.+       |
|.o . ooo*        |
|+..  o .         |
|.o...            |
+-----------------+

In the example above, when the command asks “Enter file in which to save the key (/home/testuser/.ssh/id_rsa):”, just press Enter and leave it blank to accept the default path shown in parentheses.
================

Step-2 : Add the new public key to the user account:

$ rhc sshkey add -i <key name> -k <key path>

where <key path> is the path and filename of the public key that you want to add, and <key name> is a name that you choose to identify this key.

For example:

..
[testuser@testuser ~]$ rhc sshkey add -i mytest -k /home/testuser/.ssh/id_rsa.pub -l openshiftuserid@blah.com
Password: ********

MESSAGES:
OpenShift is currently being upgraded. See https://openshift.redhat.com/app/status for more information.
..

Step-3 : Add the new key to the SSH agent (ssh-add takes the private key file, not the .pub file):

$ ssh-add <KeyPath>

For example:

..
[testuser@testuser ~]$ ssh-add /home/testuser/.ssh/id_rsa
Enter passphrase for /home/testuser/.ssh/id_rsa:
Identity added: /home/testuser/.ssh/id_rsa (/home/testuser/.ssh/id_rsa)
..

Step-4 : Authenticate your keys with the OpenShift server:

$ rhc domain status -l openshiftuserid@blah.com

For example:

..
[testuser@testuser ~]$ rhc domain status -l openshiftuserid@blah.com
Password: ********

Analyzing system
..Enter PEM pass phrase:
.....
=========================================================
||  Congratulations, your system has passed all tests  ||
=========================================================
..

Step-5 : Now let's list all the SSH keys associated with our domain:

$ rhc sshkey list -l openshiftuserid@blah.com

For example:

..
[testuser@testuser ~]$ rhc sshkey list -l openshiftuserid@blah.com
Password: ********

SSH keys
========
       Name: default
       Type: ssh-rsa
Fingerprint: 9e:96:1c:b2:a6:6a:c2:92:d5:c6:67:c3:87:70:b1:21

       Name: 18junetest
       Type: ssh-rsa
Fingerprint: e3:8a:6b:24:2f:b2:e6:ce:bc:3c:fa:34:fa:4a:0b:05

       Name: mytest
       Type: ssh-rsa
Fingerprint: ca:0f:e1:3f:ec:13:2a:9e:ce:de:55:40:7b:01:de:d3

       Name: testdomain
       Type: ssh-rsa
Fingerprint: b6:e3:c8:f3:37:f6:53:3c:cb:9b:b7:c8:a6:d5:fa:28
..
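
The fingerprints in this listing use the same colon-separated MD5 form that ssh-keygen printed in Step-1, so a listing can be checked against a public key file to see under which name, if any, that key is registered on the account. The following is an added example, not part of the original article or of the rhc tool; the function names and the sample key are constructed for illustration, and the parser assumes the Name/Type/Fingerprint layout shown above.

```python
import base64
import hashlib
import re

def md5_fingerprint(pubkey_line):
    """Colon-separated MD5 fingerprint of an OpenSSH public key line
    ("<type> <base64 blob> [comment]"), i.e. the contents of id_rsa.pub."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with a 4-byte big-endian length and the key type name;
    # refuse a line whose declared type differs from the encoded one.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != fields[0].encode("ascii"):
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_sshkey_list(text):
    """Return {name: (type, fingerprint)} from `rhc sshkey list` style output."""
    keys, entry = {}, {}
    for line in text.splitlines():
        m = re.match(r"\s*(Name|Type|Fingerprint):\s*(\S+)\s*$", line)
        if not m:
            continue
        entry[m.group(1)] = m.group(2)
        if m.group(1) == "Fingerprint" and "Name" in entry:
            keys[entry["Name"]] = (entry.get("Type"), m.group(2).lower())
            entry = {}
    return keys

def names_for_key(pubkey_line, listing):
    """Names under which this public key is registered (empty list if none)."""
    fp = md5_fingerprint(pubkey_line)
    return sorted(n for n, (_, f) in parse_sshkey_list(listing).items() if f == fp)

# Constructed sample: a syntactically valid "ssh-rsa" blob, not a usable key.
_BLOB = (b"\x00\x00\x00\x07ssh-rsa" + b"\x00\x00\x00\x03\x01\x00\x01"
         + b"\x00\x00\x00\x04\x00\xc0\xff\xee")
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(_BLOB).decode() + " testuser@testuser"

if __name__ == "__main__":
    # Constructed listing; "mytest" is given the sample key's fingerprint.
    listing = ("       Name: default\n       Type: ssh-rsa\n"
               "Fingerprint: 9e:96:1c:b2:a6:6a:c2:92:d5:c6:67:c3:87:70:b1:21\n\n"
               "       Name: mytest\n       Type: ssh-rsa\n"
               "Fingerprint: " + md5_fingerprint(SAMPLE_PUB) + "\n")
    print(names_for_key(SAMPLE_PUB, listing))
```

Recent OpenSSH releases print SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <key path>` prints the MD5 form for comparison. A registered name whose fingerprint matches no key you still hold is a candidate for removal from the account.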

Step-6 : We can confirm that our keys are working by running a simple rhc command:

$ rhc domain show -l openshiftuserid@blah.com

For example:

..
[testuser@testuser ~]$ rhc domain show -l openshiftuserid@blah.com
Password: ********

MESSAGES:
OpenShift is currently being upgraded. See https://openshift.redhat.com/app/status for more information.

User Info
=========
Namespace: testdomain
  RHLogin: openshiftuserid@blah.com

Application Info
================
log4jtest
    Framework: jbossas-7
     Creation: 2012-06-17T12:02:56-04:00
         UUID: 722be2a5e3574f5b90da0754977bc176
      Git URL: ssh://722be2a5e3574f5b90da0754977bc176@log4jtest-testdomain.rhcloud.com/~/git/log4jtest.git/
   Public URL: http://log4jtest-testdomain.rhcloud.com/

 Embedded:
      None
..

The output above shows that it is working fine, so you can now manage your cloud apps from any machine, provided that you have the client tool installed.

Thanks,

MiddlewareMagic team 🙂