Secure VERDE Gateway install and configuration Instructions

            Product Line:  VERDE

             

            These instructions are for each VERDE Gateway host and each VERDE Cluster Master candidate. (Note: If 3 VERDE Gateway hosts and 2 VERDE Cluster Master candidates are being configured, 2 "authorized_keys" files will be required, each containing 3 public key lines.)

             

            On all VERDE Gateway hosts, do the following:

            1.  Install the VERDE software from the CD/DVD created from the ISO downloaded from the VERDE resource site. (Please refer to the VERDE Administrator Guide section “VERDE Gateways” for installation requirements and preparation, and to the section “Installing VERDE on Bare Metal”.)

            2.  During the VERDE Server Configuration process, a request for “External Storage Type” will occur.  Select “3 – Do not configure mount point”.

            3.  SSH into the VERDE Gateway.

            4.  Switch from root user to vb-verde user:

            • su - vb-verde

            5.  Delete any existing .ssh directories (in /home/vb-verde): 

            • rm -rf .ssh

            6.  Create a passphraseless key:

            • ssh-keygen -t rsa
            • Do NOT enter a passphrase, use default file location.

            7.  SSH to Cluster Master candidates to add the gateways  

            • ssh vb-verde@IPADDRESS
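            • Answer "yes" to the host key prompt, then press CTRL-C at the password prompt (no need to actually log in). Answering "yes" records the Cluster Master's host key in the vb-verde user's known_hosts file on the Gateway.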

            8.  Exit back to root:

            • exit

            9.  Run "/usr/lib/verde/bin/verde-config -i" and set the Isolated Gateway parameters by following “Configuring the Isolated Gateway Server”, using the parameters shown in Table 38: Gateway Configuration Settings, starting on page 166 of the VERDE Administrator Guide.

            10.  VERDE Gateway is now configured.

             

            On all VERDE Cluster Master candidates, do the following:

            1.  Install and configure the VERDE Cluster Master on all Cluster Master candidates via instructions in the VERDE Administrator Guide.

            2.  SSH into the VERDE Cluster Master.

            3.  Switch from root user to vb-verde user:

            • su - vb-verde

            4.  Create a new .ssh directory:

            • mkdir .ssh
            • chmod 700 .ssh
            • cd .ssh

            5.  Create an “authorized_keys” file in the /home/vb-verde/.ssh directory on the VERDE Cluster Master.

            6.  For each VERDE Gateway, copy the public key (display it with "cat id_rsa.pub" from within the /home/vb-verde/.ssh directory on the Gateway server) into your copy-paste buffer.

            7.  Use the Linux vi editor to edit the "authorized_keys" file in the /home/vb-verde/.ssh subdirectory on the Cluster Master:

            • vi authorized_keys
            • Type i to go into "typing insert mode".
            • Paste the key, make sure it starts with "ssh-rsa".
            • Position cursor at first column of the line, before "ssh-rsa" and type:

            command="/usr/lib/verde/bin/verde-mc-runas vb-verde -",no-port-forwarding,no-pty

            • Add one space between "pty" and "ssh-rsa".
            • Type ESC to exit out of "typing insert mode".
            • Type ZZ to save and exit.  (or, if a mistake is made, use  :q!   to not save)
            • Run “chmod 600 /home/vb-verde/.ssh/authorized_keys” to apply the required access rights to the authorized_keys file.
            • Repeat all the above steps for the id_rsa.pub file of every gateway node.
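
            A check for the result of step 7, as an added example that is not part of the original instructions or of VERDE's own tooling: a line pasted without the prefix lets the Gateway's passphraseless key open an ordinary vb-verde login instead of running only the forced command. The function names restrict_key and audit_authorized_keys are hypothetical, and the key bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file built as in step 7.
# REQUIRED is the option prefix given on this page.
REQUIRED='command="/usr/lib/verde/bin/verde-mc-runas vb-verde -",no-port-forwarding,no-pty'

# Print the authorized_keys entry for one Gateway public key line.
restrict_key() {
    printf '%s %s\n' "$REQUIRED" "$1"
}

# Report entries that lack the exact prefix; return 1 if anything is wrong.
audit_authorized_keys() {
    file=$1 n=0 bad=0
    # Step 7 sets mode 600 on the file; flag anything else.
    if [ -z "$(find "$file" -prune -perm 600)" ]; then
        echo "$file: mode is not 600" >&2; bad=$((bad + 1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;               # blank line or comment
            "$REQUIRED ssh-rsa "*) ;;          # correctly restricted entry
            *) bad=$((bad + 1))
               echo "line $n: unrestricted or malformed entry" >&2 ;;
        esac
    done < "$file"
    [ "$bad" -eq 0 ]
}

# Constructed sample: two Gateway keys (placeholder bodies), one pasted raw.
demo=$(mktemp)
restrict_key 'ssh-rsa AAAAEXAMPLEKEY1 vb-verde@gateway1' > "$demo"
echo 'ssh-rsa AAAAEXAMPLEKEY2 vb-verde@gateway2' >> "$demo"
audit_authorized_keys "$demo" || echo "fix the entries listed above"
rm -f "$demo"
```

            On a Cluster Master, run audit_authorized_keys against /home/vb-verde/.ssh/authorized_keys after adding the last Gateway key.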

                        

            Test each VERDE Gateway Host communication with Cluster Master by doing the following:

            1.  SSH into the VERDE Gateway.

            2.  Switch from root user to vb-verde user:

            • su - vb-verde

            3.  Run the following command as user vb-verde:

            •  /usr/lib/verde/bin/verde-mc-runas root verdecmon-ni -c hello

            4.  The command should return an exit code of zero.  An exit code of 127 indicates an error.


            5.  If installing via RPMs, stop and disable iptables:
             
            • /etc/init.d/iptables stop
            • chkconfig iptables off

             


            Updated: 07 Mar 2018 08:38 AM