Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Arrow up icon
GO TO TOP
OPENSHIFT COOKBOOK

You're reading from   OPENSHIFT COOKBOOK Over 100 hands-on recipes that will help you create, deploy, manage, and scale OpenShift applications

Arrow left icon
Product type Paperback
Published in Oct 2014
Publisher Packt
ISBN-13 9781783981205
Length 430 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Shekhar Gulati Shekhar Gulati
Author Profile Icon Shekhar Gulati
Shekhar Gulati
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Getting Started with OpenShift 2. Managing Domains FREE CHAPTER 3. Creating and Managing Applications 4. Using MySQL with OpenShift Applications 5. Using PostgreSQL with OpenShift Applications 6. Using MongoDB and Third-party Database Cartridges with OpenShift Applications 7. OpenShift for Java Developers 8. OpenShift for Python Developers 9. OpenShift for Node.js Developers 10. Continuous Integration for OpenShift Applications 11. Logging and Scaling Your OpenShift Applications A. Running OpenShift on a Virtual Machine
Index

Working with the SSH key passphrases

In the Uploading SSH keys using the web console recipe, you learned how to create a new SSH key pair and upload it to an OpenShift account. The SSH key pair was created with an empty passphrase. The passphrase is a password to protect the private key. The empty passphrase avoids reentering a passphrase every time you use the key, but it might cause some security concerns. This recipe will walk you through the process of securing your SSH keys while avoiding having to re-enter the passphrase every time you use the key.

Getting ready

To step through this recipe, you will need the OpenSSH SSH connectivity tools installed on your machine.

To make sure that the OpenSSH client tool is installed, run the following command:

$ ssh -V
OpenSSH_6.2p2, OpenSSL 1.0.1e-fips 11 Feb 2013

The output of the preceding command will depend on the operating system and OpenSSH version installed on your machine. If you get ssh: command not found, then the OpenSSH tools are not installed on your machine.

This recipe will use the WordPress application created in the Uploading SSH keys using the web console recipe.

How to do it…

Perform the following steps to use SSH key passphrases:

  1. Passphrases can be added during key creation time or to an existing key without regenerating a new key pair. As you have already created the key pair in the Uploading SSH keys using the web console recipe, we will reuse this key pair. You will use ssh-keygen to add a key pair to the existing key:
    $ ssh-keygen -p
    Enter file in which the key is (/home/vagrant/.ssh/id_rsa):
    Key has comment '/home/vagrant/.ssh/id_rsa'
    Enter new passphrase (empty for no passphrase): <Enter passphrase>
    Enter same passphrase again: <Enter passphrase again>
    Your identification has been saved with the new passphrase.
    
  2. Now, if you try to SSH into the application gear, you will be asked to enter the passphrase.
  3. Next, run the ssh-agent command. The ssh-agent command, which is a part of the OpenSSH toolbelt, is another tool that stores your passphrase securely so that you do not have to re-enter the passphrase. You can run the ssh-agent command by typing the following:
    $ ssh-agent $SHELL
    
  4. To add the passphrase, run the ssh-add utility:
    $ ssh-add
    Enter passphrase for /home/vagrant/.ssh/id_rsa: <Enter passphrase>
    Identity added: /home/vagrant/.ssh/id_rsa (/home/vagrant/.ssh/id_rsa)
    
  5. Connect to the application gear to see the SSH agent in action. You will notice that you are not asked to enter the passphrase:
    $ ssh 52b823b34382ec52670003f6@blog-osbook.rhcloud.com ls
    app-deployments
    app-root
    git
    mysql
    php
    phpmyadmin
    
  6. Exit the shell to end the ssh-agent session. If you try to connect with the application gear now, you will be asked to enter the passphrase:
    $ ssh 52b823b34382ec52670003f6@blog-osbook.rhcloud.com ls
    Enter passphrase for key '/home/vagrant/.ssh/id_rsa':
    

How it works…

The ssh-agent utility stores the SSH keys in memory. It caches the private keys and responds to the authentication queries from SSH clients. The ssh-add utility is used to add and remove keys from ssh-agent. In step 1, you added the passphrase to your existing key. By default, it will use the default key, id_rsa, in the .ssh folder, but you can provide another SSH key file using the -i option. Now, SSH into the application gear and you will be asked to enter the passphrase:

$ ssh 52b823b34382ec52670003f6@blog-osbook.rhcloud.com ls
Enter passphrase for key '/home/vagrant/.ssh/id_rsa':

Step 2 starts the agent by forking the existing shell. It sets some environment variables required by the SSH agent. Next, in step 3, you add the SSH key into the agent. It asks for the passphrase to decrypt the private key. After decryption, it adds the private key to the agent's cache.

Finally, in step 4, you connect to the application gear using the ssh client. This time you will not be asked to enter the passphrase as the agent already cached the private key.

You can terminate the agent or log out from the shell to end the session.

See also

  • The Uploading SSH keys using the web console recipe
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime