Install Remote Control Targets
After you complete the installation of at least one Keyfactor Bash Orchestrator The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise., you can configure other Linux servers in the environment as control targets for this orchestrator Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores.. This is done by running a script on the target servers that installs the SSH The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. public key In asymmetric cryptography, public keys are used together in a key pair with a private key. The private key is retained by the key's creator while the public key is widely distributed to any user or target needing to interact with the holder of the private key. matching the orchestrator's private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure. on the target server, along with making a few configuration changes. This allows the orchestrator service on the orchestrator (the local Linux user keyfactor-bash) to communicate with the targets using secured SSH.
To configure orchestrator targets:
- On the orchestrator machine, locate the remoteinstall.sh script in the /opt/keyfactor-bash-orchestrator directory. Do not use the remoteinstall-template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received..sh script found in the source material under Installation. This script has not been modified to contain the specific public key of your orchestrator.Tip: A copy of the configured remoteinstall.sh script may also be found in the directory from which you executed the installation of the Keyfactor Bash Orchestrator.
- Copy the customized remoteinstall.sh script to the orchestrator target that you wish to configure and place it in a temporary working directory.
- On the Linux machine you wish to control with the orchestrator, in a command shell change to the temporary directory where you placed the remoteinstall.sh script.
- Use the chmod command to make the script file executable. The file ships in a non-executable state to avoid accidental execution. For example:sudo ./chmod +x remoteinstall.sh
- In the command shell, run the remoteinstall.sh script as root with no parameters. There is no output from the command when it completes successfully.
sudo ./remoteinstall.sh
The script creates a directory, /opt/keyfactor-bach-orchestrator-client, and places the public key of the orchestrator Linux service account user in an authorized_keys file within it. It also creates a local service account user (see Create a Service Account for the Keyfactor Bash Orchestrator) and grants this user ownership on this file to allow the orchestrator server service account to perform tasks on the target.
Log messages are written to the standard Linux syslog. The location of these will vary depending on the system OS.