Set up passwordless SSH

You can set up passwordless SSH so that you only need to issue configuration commands on one node in the HA group.


To set up passwordless SSH, you must configure the mqm id on each node, then generate a key on each node for that user. You then distribute the keys to the other nodes, and test the connection to add each node to the list of known hosts. Finally, you lock down the mqm id.

Note: The instructions assume that you are defining an HA group with separate primary, alternate, and replication interfaces, and you therefore define passwordless SSH access over the primary and alternate interfaces. If you plan to configure a system with a single IP address, then you define passwordless SSH access over that single interface.


Procedure

  1. On each of the three nodes, complete the following steps to set up the mqm user and generate an SSH key:
    1. Change the mqm home directory to /home/mqm:
      usermod -d /home/mqm mqm
    2. Create the /home/mqm directory:
      mkhomedir_helper mqm
    3. Add the mqm password:
      passwd mqm
    4. Run the interactive shell as mqm:
      su mqm
    5. Generate the mqm authentication key:
      ssh-keygen -t rsa -f /home/mqm/.ssh/id_rsa -N ''

  2. On each of the three nodes, complete the following steps to add that node's key to the other two nodes and test the connections for each node's primary and (if used) alternate addresses:
    1. Add the key to the remote nodes:
      ssh-copy-id -i /home/mqm/.ssh/id_rsa.pub remote_node1_primary_address
      ssh-copy-id -i /home/mqm/.ssh/id_rsa.pub remote_node1_alternate_address
      ssh-copy-id -i /home/mqm/.ssh/id_rsa.pub remote_node2_primary_address
      ssh-copy-id -i /home/mqm/.ssh/id_rsa.pub remote_node2_alternate_address
    2. Check passwordless ssh and update known_hosts for remote nodes:
      ssh remote_node1_primary_address uname -n
      ssh remote_node1_alternate_address uname -n
      ssh remote_node2_primary_address uname -n
      ssh remote_node2_alternate_address uname -n
      For each connection, you are prompted to confirm that you want to proceed. Confirm for each one to update the known_hosts file. You must complete this step before you attempt to configure the HA group using passwordless SSH.
    3. Exit the interactive shell as mqm:
      exit

  3. On each node, as root, complete the following steps to remove the mqm password and lock the id:
    1. Remove the mqm password:
      passwd -d mqm
    2. Lock mqm:
      passwd -l mqm

  4. On each node, as root, complete the following steps to set up sudo access for the mqm user:
    1. Edit the sudoers file by using the visudo command:
      visudo
    2. Search for the line "## Allows people in group wheel to run all commands" and add the following text below the line:
      #%mqm    ALL=(ALL)       ALL
    3. Search for the line "## Same thing without a password" and add the following text below the line:
      %mqm            ALL=(ALL)       NOPASSWD: ALL
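
The following script is an added example, not part of the original procedure or of the product's own tooling. It checks the end state the steps above should leave on each node: owner-only SSH files, a locked mqm password, the active %mqm sudo rule, and non-interactive SSH to a peer. The function names are hypothetical, and it assumes GNU stat and a shadow-format password file.

```shell
#!/bin/sh
# Added example: post-setup checks for the procedure above. File locations
# are parameters so the checks can also run against copies of the files.

# owner_only PATH: true when group and others have no permission bits at all.
owner_only() {
    case "$(stat -c %a "$1" 2>/dev/null)" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# password_locked SHADOW_FILE USER: true when the password field starts
# with "!", which is what passwd -l leaves behind.
password_locked() {
    awk -F: -v u="$2" '$1 == u && $2 ~ /^!/ { ok = 1 } END { exit !ok }' "$1"
}

# nopasswd_rule_active SUDOERS_FILE: true when the uncommented %mqm
# NOPASSWD rule from step 4 is present.
nopasswd_rule_active() {
    grep -Eq '^%mqm[[:space:]]+ALL=\(ALL\)[[:space:]]+NOPASSWD:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# peer_ok ADDRESS: run as mqm. BatchMode makes ssh fail instead of prompting,
# so a missing key or an unconfirmed host key shows up as a non-zero status.
peer_ok() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" uname -n >/dev/null 2>&1
}

# audit_node MQM_HOME SHADOW_FILE SUDOERS_FILE: prints one line per check
# and returns the number of failed checks.
audit_node() {
    fails=0
    for f in "$1/.ssh" "$1/.ssh/id_rsa" "$1/.ssh/authorized_keys"; do
        if owner_only "$f"; then echo "ok   $f is owner-only"
        else echo "FAIL $f is missing or open to group/others"; fails=$((fails + 1)); fi
    done
    if password_locked "$2" mqm; then echo "ok   mqm password is locked"
    else echo "FAIL mqm password is not locked"; fails=$((fails + 1)); fi
    if nopasswd_rule_active "$3"; then echo "ok   %mqm NOPASSWD rule is active"
    else echo "FAIL %mqm NOPASSWD rule not found"; fails=$((fails + 1)); fi
    return "$fails"
}

# Run the file checks when called with the three paths as arguments.
if [ "$#" -eq 3 ]; then audit_node "$@"; fi
```

As root, pass `/home/mqm /etc/shadow /etc/sudoers` as the three arguments. The `peer_ok` check is meant to be called from the mqm shell once for each remote primary and alternate address.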
