Secure VERDE Gateway install and configuration Instructions

Secure VERDE Isolated Gateway install and configuration Instructions

Product Line:  VERDE

 

These instructions are for each VERDE Gateway host and each VERDE Cluster Master candidate. (Note: If 3 VERDE Gateway hosts and 2 VERDE Cluster Master candidates are being configured, 2 "authorized_keys" files will be required, each containing 3 public key lines.)

 

On all VERDE Gateway hosts, do the following:

1.  Install the VERDE software via the CD/DVD created from the ISO downloaded from the VERDE resource site. (Please refer to the VERDE Administrator Guide section “VERDE Gateways” for installation requirements and preparation, and the section “Installing VERDE on Bare Metal”.)

2.  During the VERDE Server Configuration process, a request for “External Storage Type” will occur.  Select “3 – Do not configure mount point”.

3.  SSH into the VERDE Gateway.

4.  Switch from root user to vb-verde user:

  • su - vb-verde

5.  Delete any existing .ssh directories (in /home/vb-verde): 

  • rm -rf .ssh

6.  Create passphraseless key:

  • ssh-keygen -t rsa
  • Do NOT enter a passphrase, use default file location.

7.  SSH to Cluster Master candidates to add the gateways  

  • ssh vb-verde@IPADDRESS
  • Answer "yes" to accept the host key, then press CTRL-C at the password prompt (no need to actually log in).

8.  Exit back to root:

  • exit

9.  Run "/usr/lib/verde/bin/verde-config -i" and set the Isolate GW parameters by following the “Configuration planning and Installation Guide”, page 47.

10.  VERDE Gateway is now configured.

 

On all VERDE Cluster Master candidates, do the following:

1.  Install and configure the VERDE Cluster Master on all Cluster Master candidates via instructions in the VERDE Administrator Guide.

2.  SSH into the VERDE Cluster Master.

3.  Switch from root user to vb-verde user:

  • su - vb-verde

4.  Create a new .ssh directory (/ho:

  • mkdir .ssh
  • chmod 700 .ssh
  • cd .ssh

5.  Create an “authorized_keys” file in the /home/vb-verde/.ssh directory on the VERDE Cluster Master.

6.  For each VERDE Gateway, copy the key (shown by "cat id_rsa.pub") from within the /home/vb-verde/.ssh directory (located on the Gateway server) into your copy-paste buffer.

7.  Use the Linux vi editor to edit the "authorized_keys" file in the /home/vb-verde/.ssh subdirectory on the Cluster Master:

  • vi authorized_keys
  • Type i to go into "typing insert mode".
  • Paste the key, make sure it starts with "ssh-rsa".
  • Position cursor at first column of the line, before "ssh-rsa" and type:

command="/usr/lib/verde/bin/verde-mc-runas vb-verde -",no-port-forwarding,no-pty

  • Add one space between "pty" and "ssh-rsa".
  • Type ESC to exit out of "typing insert mode".
  • Type ZZ to save and exit.  (or, if a mistake is made, use  :q!   to not save)
  • Run "chmod 600 /home/vb-verde/.ssh/authorized_keys" to apply the required access rights to the authorized_keys file.
  • Do all the above steps for the id_rsa.pub files on all gateway nodes.
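
The gateway keys have no passphrase, so the forced command and the no-port-forwarding,no-pty options from step 7 are the only limits on what each key can do on the Cluster Master. The script below is an added example, not part of the VERDE product or its documentation: it builds the restricted line from a pasted public key and audits an authorized_keys file for entries that lack the prefix. The function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): build and audit the restricted entries
# that step 7 asks for. PREFIX is the option string given on this page.
PREFIX='command="/usr/lib/verde/bin/verde-mc-runas vb-verde -",no-port-forwarding,no-pty'
NL='
'

# restrict_key PUBKEY -> prints "PREFIX PUBKEY"; fails unless PUBKEY is exactly
# one line of the form "ssh-rsa <base64> [comment]".
restrict_key() {
    case "$1" in *"$NL"*) echo "key spans several lines" >&2; return 1 ;; esac
    if ! printf '%s\n' "$1" | grep -Eq '^ssh-rsa [A-Za-z0-9+/]+=*( .*)?$'; then
        echo "not an ssh-rsa public key line" >&2
        return 1
    fi
    printf '%s %s\n' "$PREFIX" "$1"
}

# audit_keys FILE -> prints the number of entries that lack the exact prefix
# (blank lines and comments are skipped); returns 0 only when that number is 0.
audit_keys() {
    bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) ;;
            "$PREFIX ssh-rsa "*) ;;
            *) echo "line $n: unrestricted or malformed entry" >&2
               bad=$((bad + 1)) ;;
        esac
    done < "$1"
    echo "$bad"
    [ "$bad" -eq 0 ]
}

# Demo with constructed placeholder keys (not real key material), one per
# gateway, as in the 3-gateway case mentioned at the top of the page.
demo() {
    out=$(mktemp)
    for gw in gw1 gw2 gw3; do
        restrict_key "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED${gw} vb-verde@${gw}" >> "$out"
    done
    chmod 600 "$out"
    audit_keys "$out"    # prints 0: all three lines carry the forced command
    rm -f "$out"
}
demo
```

On a Cluster Master, running audit_keys against /home/vb-verde/.ssh/authorized_keys after the edits reports any line that was pasted without the prefix or was split by the editor.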

            

Test each VERDE Gateway Host communication with Cluster Master by doing the following:

1.  SSH into the VERDE Gateway.

2.  Switch from root user to vb-verde user:

  • su - vb-verde

3.  Run the following command as user vb-verde:

  •  /usr/lib/verde/bin/verde-mc-runas root verdecmon-ni -c hello

4.  Exit code should return a value of zero.  If a 127 code appears, there's an error.


5.  If installing via RPMs, stop and disable iptables:
 
  • /etc/init.d/iptables stop
  • chkconfig iptables off

 

