...
Component relevant to MettleCI
The misconfiguration of SSH-related files on the DataStage Engine on which you have MettleCI Workbench installed can give rise to various symptoms, most of which are characterised by the failure of one system to form a trusted connection with another. This troubleshooting article describes the general configuration you should adopt for correct SSH operation.
Correct Configuration
Permissions should be…zpage describes the SSH components relevant to MettleCI, and how those components should be configured for successful operation.
This page assumes you are running MettleCI Workbench on a Unix-based host under a user called mciworkb (link).
| Gliffy | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
MettleCI CLI
Some MettleCI CLI commands which communicate with the DataStage Engine tier are dependent upon the correct configuration of the mciworkb user's .ssh folder and its contents.
Directory /mciworkb/.ssh
The directory /home/mciworkb/.sshshould have the following properties:
owned by user ownership of
mciworkbhave group ownership of
dstage.have permissions of
700(drwx------)
...
For example:
| Code Block |
|---|
$> ls -ld /home/mciworkb/.ssh
drwx------ 2 root root 144 Feb 16 14:31 .ssh |
These properties can be established with the following commands:
| Code Block |
|---|
$> chown mciworkb:dstage /home/mciworkb/.ssh # Ownership $> chmod 700 /home/mciworkb/.ssh # Permissions |
For example:
| Code Block |
|---|
$> ls -ld /home/mciworkb/.ssh
drwx------ 2 root root 144 Feb 16 14:31 .ssh
$> |
Files within /mciworkb/.ssh
The directory /home/mciworkb/.sshshould have at least two files:contain the file authorized_keys
...
which effectively controls inbound connections from other hosts. It contains the SSH public keys of
...
hosts that are permitted to connect to
...
your DataStage Engine using key-based authentication. This
...
known_hosts - A file containing a list of keys? from known hosts that you have logged into from the server in which the known_hosts file lives.
A file associated with a specific account that contains one or more host keys. Each host key is associated with an SSH server address (IP or hostname) so that the server can be authenticated when a connection is initiated.
the following properties
...
owned by user mciworkb
...
directory may also contain other files such as known_hosts or config which are not required for successful MettleCI operations.
The authorized_keys file should have the following properties:
user ownership of
mciworkbgroup ownership of
dstage.have permissions of
700600(drwxdrw-------)
This can be established with…
| Code Block | ||
|---|---|---|
| ||
$> chown mciworkb:dstage /home/mciworkb/.ssh/authorized_keys # Ownership $> chmod 700600 /home/mciworkb/.ssh/authorized_keys # Permissions |
For example:
| Code Block |
|---|
$> ls -ld /home/mciworkb/.ssh
drwx------ 2 root root 144 Feb 16 14:31 .ssh
$> |
...
| ||
$> ls -ld /home/mciworkb/ |
...
.ssh/authorized_keys
-rw------- 1 mciworkb dstage |
...
1167 Feb 16 14: |
...
26 .ssh/ |
...
and
| Code Block |
|---|
$> chmod 600 .ssh/workbench $> chmod 600 .ssh/workbench.pub $> chmod 600 .ssh/authorized_keys $> chmod 600 .ssh/known_hosts $> chmod 600 .ssh/config |
Solution
(solution, including…
| Code Block |
|---|
$> practical
$> resolution
$> steps |
Related Articles
...
List related articles (with links)
...
Either manually entered, or
...