
SSH public key authentication

ULB Podcast edited this page Jun 3, 2014 · 1 revision

Usage of SSH keys

SSH keys are used in EZcast to allow EZmanager to remotely launch scripts on other servers (EZrenderer and EZrecorder). EZmanager shares its public SSH key with EZrecorder and EZrenderer, which have to add it to their .ssh/authorized_keys file.

Generation of SSH keys

EZmanager

EZmanager needs an SSH key-pair for the Apache user.

During the installation of EZcast (at the end of the install.sh script), you will be asked whether you want to create an SSH key-pair for Apache. If you do, the SSH key-pair is created automatically. The script first verifies whether the Apache user has a home directory. If not, you will be asked to create a home directory for Apache (in /etc/passwd) and retry. Once the Apache user has a home directory, the script checks whether a public SSH key already exists (it looks for ~<Apache_user>/.ssh/id_dsa.pub). If not, it creates the SSH key-pair.

You can create the SSH key-pair for the Apache user from the command line:

# execute the following command as Apache user
ssh-keygen -t dsa

EZrenderer

EZrenderer needs an SSH key-pair to communicate with EZmanager. You will have to add the public SSH key from EZmanager (EZcast) to the authorized_keys file of EZrenderer. Make sure that the public SSH key of EZrenderer is added to the known_hosts file of EZmanager (EZcast).

The SSH connection is tested each time you create a new renderer in the web interface of EZadmin.

You can create the SSH key-pair for EZrenderer from the command line:

# execute the following command on EZrenderer server, as EZrenderer user
ssh-keygen -t dsa
# add the public SSH key of EZmanager to authorized keys
cd ~<ezrenderer_user>/.ssh
echo "<public ssh key from EZmanager>" >> authorized_keys

EZrecorder

EZrecorder needs an SSH key-pair to communicate with EZmanager. You will have to add the public SSH key from EZmanager (EZcast) to the authorized_keys file of EZrecorder. Make sure that the public SSH key of EZrecorder is added to the known_hosts file of EZmanager (EZcast).

You can create the SSH key-pair for EZrecorder from the command line:

# execute the following command on EZrecorder, as EZrecorder user (typically ezrecorder)
ssh-keygen -t dsa
# add the public SSH key of EZmanager to authorized keys
cd ~<ezrecorder_user>/.ssh
echo "<public ssh key from EZmanager>" >> authorized_keys

Note

Make sure that the SSH key-pair is never placed in the webspace. This can happen if the Apache user's home directory is the webspace. In that case, change the Apache user's home directory.
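
A check for the condition this note describes, as an added shell example that is not part of EZcast or its install.sh: it reports when a user's .ssh directory resolves (symlinks included) to a path inside the web root, or when a private key file is accessible to group or other. The function names and the two path arguments are assumptions; pass the Apache user's home directory and your Apache DocumentRoot.

```shell
#!/bin/sh
# Added example, not EZcast code. The home and webroot paths are assumptions
# supplied by the caller (Apache user's home directory, Apache DocumentRoot).

# Print the physical (symlink-resolved) path of an existing directory.
real_dir() { (cd "$1" 2>/dev/null && pwd -P); }

# Return 0 if directory $1 is the same as, or below, directory $2.
is_inside() {
    dir=$(real_dir "$1") || return 1
    root=$(real_dir "$2") || return 1
    case "$dir/" in
        "${root%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if file $1 grants no permission bits to group or other.
is_private() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Audit the key-pair in $1/.ssh against web root $2.
# Prints one line per finding and returns the number of findings.
audit_ssh_dir() {
    home=$1; webroot=$2; findings=0
    if [ ! -d "$home/.ssh" ]; then
        echo "INFO: no .ssh directory in $home"
        return 0
    fi
    if is_inside "$home/.ssh" "$webroot"; then
        echo "FAIL: $home/.ssh is inside the webspace $webroot"
        findings=$((findings + 1))
    fi
    for key in "$home"/.ssh/id_*; do
        case "$key" in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if ! is_private "$key"; then
            echo "FAIL: private key $key is accessible to group or other"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run the audit when two paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_ssh_dir "$1" "$2"; fi
```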