Troubleshooting
Problem
The SSH connectivity to a remote host prompts for a password and the connection is not established until administrator enters the remote host's password.
Symptom
Trying to establish an SSH session to the host fails with the following error:
[root@console ~]# ssh <remote_host>
root@<remote_host>'s password:
Cause
The console's public key is not in the remote host's authorized_keys file.
Resolving The Problem
Administrators use the ssh-copy-id to copy the console's public key into the /root/.ssh/authorized_keys file in the remote host:
- Use SSH to log in to the QRadar Console as the root user.
- Run the ssh-copy-id command to copy the console's public key:
Note: Replace <remote_host> with the IPv4 address of the remote host.ssh-copy-id <remote_host>
Output example:/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@<remote_host>'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '<remote_host>'" and check to make sure that only the key(s) you wanted were added.
Result
The console's public key is appended to the remote host's authorized_keys. For more information about public-based authentication, see QRadar: What is public key authentication?
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
13 July 2023
UID
ibm17009035