Using SSH keys
For UNIX-based systems, you can use private RSA keys to connect with a specific user. To do so, you first need to create a user as well as an RSA key. If you already have a Discovery user that you want to connect to the system (or an LDAP user), start with generating an RSA key.
Create a Discovery user
Log in to the UNIX system with permissions to create a user, then type in the following commands to create a user:
- "useradd discousr -m" (Create a user with the login name "discousr" and a default home directory.)
- "passwd discousr" (Change the password for the user.)
- "adduser discousr sudo" (Add the user to the sudoers group.)
- "su - discousr" (Change to the created user).
Generate an RSA key
Before you create a key, you need to create a file named authorized_keys inside the ~/.ssh folder of the remote host. This file will contain the public key (the contents of the id_rsa.pub file). If the file already exists, you can append the new public key to it:
cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys
- To generate a key, type in the following command:
  - "ssh-keygen -t rsa -m PEM" (Generate the RSA key files.)
- The command creates two files:
  - $HOME/.ssh/id_rsa (Your private RSA key. This file will be used by the Discovery tool.)
  - $HOME/.ssh/id_rsa.pub (Your public RSA key.)
- Copy the public RSA key with "ssh-copy-id discousr@localhost" (this is also required for connecting to the host).
- Copy the private RSA key file to the system that is running the Discovery tool (for example, create a subfolder such as "C:\Program Files\Discovery\rsakeys\"). You should also rename the "id_rsa" file to something like "discousr_id_rsa" so that you can identify the key file for each credential.
- Use the private RSA key file as described in Set up Discovery - Credentials.
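
The authorized_keys step above, as an added example (not part of the original documentation or the Discovery product): a shell helper that appends a public key only once, refuses a file that looks like a private key, and checks for the group- or world-writable modes that sshd's StrictModes setting rejects. The function names and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example; install_pubkey and audit_ssh_dir are hypothetical helpers.

# install_pubkey PUBKEY_FILE SSH_DIR
# Runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1; dir=$2; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "missing or empty public key: $pub" >&2; exit 1; }
    # Guard against mixing up id_rsa and id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; exit 1
    fi
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append only if this exact key line is not already present.
    key=$(head -n 1 "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# audit_ssh_dir SSH_DIR
# Fails if the directory or authorized_keys is group- or world-writable,
# which makes sshd ignore the key when StrictModes is enabled.
audit_ssh_dir() {
    bad=$(find "$1" "$1/authorized_keys" -prune \
          \( -perm -020 -o -perm -002 \) 2>/dev/null)
    [ -z "$bad" ] || { printf 'too permissive:\n%s\n' "$bad" >&2; return 1; }
}

# Constructed demo in a scratch directory; the key line is not a real key.
tmp=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EXAMPLE discousr@example\n' > "$tmp/id_rsa.pub"
install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"
install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"   # second run adds nothing
audit_ssh_dir "$tmp/.ssh" && \
    echo "authorized_keys entries: $(wc -l < "$tmp/.ssh/authorized_keys")"
rm -rf "$tmp"
```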