SSH Keys for Deployment and Estate Management

SSH Key pairs can be used to authenticate with your machines instead of using passwords.

First, generate a key pair, optionally without a passphrase, using the command:


[root@xxxxxxxx ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
SHA256:uEhaxxxxxxxxxxxxxxxxxxxxxxxxiZFMkRETJlFHQ root@gm-cm-linux
The key’s randomart image is:
±–[RSA 2048]----+
|o@^&E |
|+X/… |
|%+*=o. |
|o@.=.+ . |
|o… * . S |
|. + . . |
| . . . |
| |
| |

Two keys are created: id_rsa (the private key) & (the public key)
These two keys can be used on all systems as a key pair for authorisation.

If not already, move the public key ( on the systems where the Cristie agent will be installed, into /root/.ssh/authorized_keys making sure the file has 700 permissions using the command:

cat > /root/.ssh/authorized_keys

In the example above, the key has already been generated into the ‘/root/.ssh/authorized_keys’ file.

Copy the private key (id_rsa) to a network share accessible from the browser the VA is managed on.

In the VA Estate Management, select the button under SSH Key and find the private key.



If the key is protected by a passphrase, enter it into the “Password / SSH Key Passphrase” field. The VA will then use the key pair to authenticate with the source system