How to Configure Resource Manager 5.x Monitoring Authentication via SSH to use Keys Instead of user/password

Applies To

  • Zenoss Resource Manager 5.x


This KB describes the process to create and move SSH keys into containers to enable the use of those keys instead of user/password combinations for SSH monitoring and modelling by Zenoss Resource Manager.


To create and move SSH keys into containers and enable passwordless monitoring/modelling, perform the following:

  1. Set the directory permissions:
    chmod 0700 $(df -h| grep volumes | awk '{print $NF}')/.ssh 
  2. Attach to the zencommand container:
     serviced service attach zencommand
  3. Become the zenoss user:
    su - zenoss
  4. Generate the SSH keys:
    - ssh-keygen -t rsa

    Note: Leave the passphrase blank, Zenoss does not support using a passphrase.

  5. Copy the SSH keys to the host system:
     ssh-copy-id zenoss@hostname
  6. Verify you can successfully ssh to the host :
    ssh hostname

    If the ssh is successful, proceed to the next steps to set the zproperties.

  7. Exit the zenoss user:
  8. Exit the container:
  9. From the UI, update the zproperties values. Set the following on the devices/device classes to provide the required SSH information:
    zcommanduser: zenoss
    zcommandpassword:  <leave blank>
    zkeypath: /home/zenoss/.ssh/id_rsa
Was this article helpful?
1 out of 1 found this helpful


  • Avatar
    Jon Magnant

    Just wanted to point out that running `chmod -Rf 755 .` on the .ssh directory will give warnings that your SSH key permissions are too open and will cause SSH key authentication to fail. SSH keys need to not be readable by Group and Other.

  • Avatar
    IT-Servicedesk Credoc - SUSPENDED

    Does this change survive an upgrade ?
    How do you deploy the keys into a multi-host environment with multiple collector pools ?

Powered by Zendesk