Applies To
- Zenoss Resource Manager 5.x
Summary
This KB describes the process to create and move SSH keys into containers to enable the use of those keys instead of user/password combinations for SSH monitoring and modelling by Zenoss Resource Manager.
Procedure
To create and move SSH keys into containers and enable passwordless monitoring/modelling, perform the following:
- Set the directory permissions:
chmod 0700 $(df -h| grep volumes | awk '{print $NF}')/.ssh
- Attach to the zencommand container:
serviced service attach zencommand
- Become the zenoss user:
su - zenoss
- Generate the SSH keys:
ssh-keygen -t rsa
Note: Leave the passphrase blank; Zenoss does not support using a passphrase.
- Copy the SSH keys to the host system:
ssh-copy-id zenoss@hostname
- Verify that you can successfully SSH to the host:
ssh hostname
If the SSH login succeeds, proceed to the next steps to set the zproperties.
- Exit the zenoss user:
exit
- Exit the container:
exit
- From the UI, update the zproperties values. Set the following on the devices/device classes to provide the required SSH information:
zcommanduser: zenoss
zcommandpassword: <leave blank>
zkeypath: /home/zenoss/.ssh/id_rsa
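A check to run after the procedure, added here as an example and not part of the original KB: it confirms that the .ssh directory and the private key grant nothing to group or other, which is what the chmod 0700 step sets on the directory and what the SSH client requires of the key. The function names are made up for this example; the default key name id_rsa is taken from the zkeypath above.

```shell
#!/bin/sh
# Added example (not from the KB): audit an .ssh directory for permissions
# that are too open. Function names are hypothetical.

# Print the six group/other permission characters of a path,
# e.g. "------" for 0700 or 0600, "r-xr-x" for 0755.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# check_ssh_perms DIR [KEYNAME]
# Returns 0 when DIR and DIR/KEYNAME grant nothing to group or other,
# 1 when either is too open, 2 when the directory or key is missing.
# KEYNAME defaults to id_rsa, the file named in zkeypath.
check_ssh_perms() {
    dir=$1
    key=$dir/${2:-id_rsa}
    result=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 2
    fi
    if [ ! -f "$key" ]; then
        echo "missing private key: $key" >&2
        return 2
    fi
    for path in "$dir" "$key"; do
        bits=$(group_other_bits "$path")
        if [ "$bits" != "------" ]; then
            echo "too open (group/other: $bits): $path" >&2
            result=1
        fi
    done
    return $result
}

# When called with arguments, run the check directly, for example:
#   sh check_ssh_perms.sh /home/zenoss/.ssh
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

A non-zero exit status means the directory or key should be tightened (0700 on the directory, 0600 on the private key) before testing the SSH login again.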
Just wanted to point out that running `chmod -Rf 755 .` on the .ssh directory will give warnings that your SSH key permissions are too open and will cause SSH key authentication to fail. SSH keys need to not be readable by Group and Other.
Does this change survive an upgrade?
How do you deploy the keys into a multi-host environment with multiple collector pools?