
SCOM 2012–Create Agent Maintenance Account to support SSH Key

So, I guess this is my last post for 2012. I am working on setting up monitoring of some Linux servers using SCOM 2012 SP1. One of the requirements is to set up an account for Agent Maintenance. I am going to explain how I set up the Ubuntu server to accept a user account and support an SSH key as authentication. Hopefully, at the end we will have an account that will work with SCOM 2012.

I am using Ubuntu version 12.04 LTS; I have deployed a standard server that is ready for me to log on to with the default account I created on install.

Operations Manager contains three predefined profiles to use in monitoring UNIX and Linux computers and performing agent maintenance:

The Linux Action Account is used for basic health and performance monitoring; the Linux Privileged account is used for monitoring protected resources and actions that require higher privileges; and the Linux agent account is used for agent maintenance operations.

I am using Ubuntu version 12.04.1 LTS; I have deployed a standard server that is ready for me to log on to with the default account I created on install.

Log on to the server using your favourite method; I am using the Virtual Machine Manager 2012 console.


Create a user:

sudo adduser <username>

Follow the instructions to create a standard user account.


Next we need to configure sudo elevation for the user account we just created.

Use the visudo program to edit the sudo configuration.

sudo visudo

Find the section root ALL=(ALL:ALL) ALL

Insert the same line under it, but replace root with the username you just created and add "NOPASSWD: ALL".

e.g.

<username> ALL=(ALL:ALL) NOPASSWD: ALL

This allows the user account to sudo without supplying a password, which is a requirement of SCOM monitoring.

Next we need to create some authentication keys.

1. Download yourself a copy of PuTTY Generator and open it.

2. Select Generate and move the mouse around the blank area at the top until it has generated a set of keys for you.

The text displayed at the top is the public key.

3. Copy and paste that into Notepad (we will need this later), but exclude the last part (rsa-key-20121229).

4. Type a passphrase into the two available boxes.

5. Select "Save Private Key" and save it to a safe place.

 


 

You have now generated a set of keys made up of a public and a private key; the private key is protected with a passphrase. The next step is to configure the server with this.

1. Log on to the server with the user account we created above using PuTTY.

2. Create a folder and file:

mkdir /home/scom-agentacct/.ssh

nano /home/scom-agentacct/.ssh/authorized_keys

3. Paste in the public key you created using PuTTY Generator and save the file.

Next we need to set the permissions on the new folder and the file.

1. Specify exclusive owner access to the directory

cd /home/<username>

chmod 700 .ssh

2. Navigate to the .ssh directory.

3. Give the user read and write permissions to the authorized_keys file:

chmod 600 authorized_keys
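A check for the key setup in the steps above, as an added example that is not part of the original post: sshd's default StrictModes setting refuses key login when the key file or its directory is writable by other users, and a public key copied through Notepad can arrive wrapped onto several lines. The function name check_ssh_key_setup is an assumption, as are GNU stat (as shipped on Ubuntu) and plain key lines without an options prefix.

```bash
#!/usr/bin/env bash
# Added example: audit the result of the steps above.
# Usage: source this file, then run: check_ssh_key_setup /home/<username>
# Assumes GNU stat (as on Ubuntu) and key lines without an options prefix.

check_ssh_key_setup() {
    local home="$1" dir="$1/.ssh" file="$1/.ssh/authorized_keys"
    local rc=0 n=0 line p owner m

    [ -d "$dir" ]  || { echo "FAIL: $dir is missing"; return 1; }
    [ -f "$file" ] || { echo "FAIL: $file is missing"; return 1; }

    # Modes set by the chmod steps: 700 on .ssh, 600 on authorized_keys.
    m=$(stat -c '%a' "$dir")
    [ "$m" = "700" ] || { echo "FAIL: $dir mode is $m, expected 700"; rc=1; }
    m=$(stat -c '%a' "$file")
    [ "$m" = "600" ] || { echo "FAIL: $file mode is $m, expected 600"; rc=1; }

    # Both must belong to the account that owns the home directory.
    owner=$(stat -c '%U' "$home")
    for p in "$dir" "$file"; do
        [ "$(stat -c '%U' "$p")" = "$owner" ] ||
            { echo "FAIL: $p is not owned by $owner"; rc=1; }
    done

    # Every key must sit on ONE line: "<type> <base64> [comment]".
    # A paste that wrapped in an editor leaves a continuation line with
    # no key type, which is reported here.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in '' | '#'*) continue ;; esac
        printf '%s\n' "$line" | grep -Eq \
            '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+={0,2}( .*)?$' ||
            { echo "FAIL: line $n is not a complete public key"; rc=1; }
    done < "$file"

    [ "$rc" -eq 0 ] && echo "OK: $file is ready for key authentication"
    return "$rc"
}
```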

 

Once this has been completed, go back to the SCOM Console, update the Run As accounts and the profile, and test.

  1. Cathy
    February 24, 2013 at 3:52 pm

    Thank you, very informative and helpful 🙂
