User Authentication using Keys via PuTTY

SAP Admins have to constantly log in to the server at OS level to carry out their every day tasks. A normal setup of SAP landscapes involves tens and hundreds of servers and logging on to these servers using passwords is error prone or slightly delayed by requiring to access password vaults.

A simple solution is to use public-private keys to authenticate the users. You generate a key pair. Keep the private key a secret and upload the public key on the server. Then use the private key while logging on through PuTTY. Because you are keeping Private Key a secret, server accepts connections via the Private Key to recognize you.

User authentication using public private keypair

To set this up we first need to create the key pair

  1. Download PuTTYgen and start it
  2. Click on Generate button to generate public and private key pair

  3. Move the mouse cursor to generate randomness

  4. Save the private key and copy the public key (or save the public key)

  5. We now have the key pair

Place the Public Key on the server

  1. Log on to the server with the user name for which you want to set this authentication up
  2. Create .ssh folder
    mkdir ~/.ssh
  3. Create authorized_keys file with the public key as its contents (you have copied or saved it in step 4 above)
    cd ~/.ssh
    vi authorized_keys
  4. Make sure directory can be traversed only by user user ID (some operating systems will not authenticate if other users can view or edit the keys)
    chmod 700 ~/.ssh
  5. Make sure authorized_keys is accessible only on your user ID
    chmod 600 ~/.ssh/authorized_keys

Set up PuTTY to authenticate using Private Key

  1. Start PuTTY and populate the hostname or IP address of the server to which you wish to connect

  2. On the left hand side, choose Connection > Data and populate the user ID

  3. Now expand SSH > Auth and populate the path to your Private Key

  4. Save your changes
  5. Next time you wish to log on, open the save PuTTY session!
All of this is obviously possible if the server allows authentication through keys. Did you know, you can log on to Service Marketplace without passwords, using logon tickets?

Comments

Post a Comment

Popular posts from this blog

OS/DB Migration - CMD. STR, TOC, EXT, R3load, DDLDBS.TPL and more

Image
With increasing need to improve performance or reduce costs or vanishing support for operating systems/databases it becomes inevitable to migrate to a better OS or DB. We feel take a quick look at the primary ingredients of the tools for OS/DB migration handled by R3SETUP. Tools - R3load, R3ldctl and R3szchk R3ldctl creates STRucture files, TemPLate files by reading the technical settings for table/indexes in SAP data dictionary. R3szchk calculates the database size object sizes (EXTent files) for the target system based on the STR files created by R3ldctl. The EXT and STR files can be later split into smaller groups. The most crucial tool R3load is responsible for unloading and loading data from the database. R3load uses the files created by R3ldctl and R3szchk and dumps the data into compressed binary format as .001, .002 .. files. It uses cmd files to achieve the task. If the cmd files are not present, it creates on its own. Files Command files*.cmd  are created i
Read more

Fixing Inconsistent Table - Table activation fails due to inconsistency between DD and DB

If you find a table to be available on the database, but not active in ABAP dictionary, try calling SE14 as DDIC user, enter the table name and choose Table > Reconstruct, Execute. If this method fails follow these steps: Call transaction code SE37 and execute the function module  DD_TABL_ACTM with single test On the next screen, do not change any other field except the following and set them as shown below: MODE: 12 NTAB_PUTSTATE: N TABNAME: <enter the correct table name> Click on Execute The export parameter ACT_RESULT should show 0. To verify if the inconsistency is fixed, call transaction SE14 > Extras > Database Object > Check and  SE14 > Extras > Runtime object > Check.
Read more

301 Redirect Using SAP Web Dispatcher

301 redirects are typically used to redirect accesses that include www to non-www or vice-versa. Example, when you call http://blogger.com, the call is redirected to www.blogger.com. An end-user may prefer to call a URL in any manner. You must ensure that all these calls are redirected to relevant URLs with content. SAP web dispatcher can be configured to send a redirect (301) to the client. To enable redirection add icm/HTTP/redirect_<xx> to the web dispatcher's profile file. The parameter uses the following syntax: icm/HTTP/redirect_<xx> = PREFIX=<URL prefix>[, FROM=<pattern for URL>, FROMPROT=<incoming protocol>, FOR=<pattern for host name:port>,TO=<new URL prefix>, PROT=<protocol>, HOST=<host>, PORT=<port number/name>] Let's say you want to redirect all the HTTP requests on mysource.com on 80 port to mytarget.com on HTTPS 443 port icm/HTTP/redirect_0 = PREFIX=/, FROM=*, FROMPROT=http, FOR=mysource.com:80,
Read more