Creating and Configuring a Secure Shell Identity Key-pair for
Rivendell
Overview
Rivendell supports the use of a public/private key pair (also referred
to as an "identity" in the Secure Shell documentation) for
SFTP file transfers. This appendix provides an example of how to
generate and install such a set of key pair files so that they can be
used by Rivendell.
Requirements
This procedure uses the
ssh-keygen(1) program, which
should already be installed on any system running Rivendell. If not,
it can be obtained on most distros by installing the
openssh package.
Generating the Keys
In this example, we will generate a pair of files, called
rivendell_key and
rivendell_key.pub. The first file
(rivendell_key) is the
private key (also known as the
identity file), and will remain on the Rivendell
system where it was generated,
while the other (rivendell_key.pub) is the
public key, which will be deployed to the
remote server(s) with which Rivendell will be interacting.
Procedure
Open a command line window on the Rivendell system. (This is
sometimes also referred to as a "Terminal" or
a "Console", depending upon the desktop environment
being used.)
The Terminal Window
Enter the command to become the 'root' user. On CentOS/RedHat systems,
the command to do this is su -, while on
Debian/Ubuntu-based systems it is sudo su -.
In either case, you will be prompted to enter a password. Enter the
password and then press the ENTER key.
You may not see anything echo to the screen while entering the
password. This is normal!
You should see the prompt in the terminal change from the dollar
sign [$] to a pound sign
[#] to signify that the window
now has 'root' permissions.
Ordinary Prompt
"Root" Prompt
At the root prompt, enter the following command, followed by the
[Enter] key:
ssh-keygen -t rsa
The system will respond with:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter the following location to save the key pair:
/usr/share/rivendell/keys/id_rsa_rivendell,
followed by the [Enter] key.
The system will respond with:
Enter passphrase (empty for no passphrase):
Enter a passphrase, followed by the [Enter] key.
The system will prompt you to repeat the passphrase:
Enter same passphrase again:
Enter the passphrase again, followed by [Enter].
You should then see output similar to:
Your identification has been saved in /usr/share/rivendell/keys/id_rsa_rivendell.
Your public key has been saved in /usr/share/rivendell/keys/id_rsa_rivendell.pub.
The key fingerprint is:
SHA256:Obdzp8PaV5D68AJULnz+XJjXUmojNqygdu2+blAuaWk root@frozone.paravelsystems.com
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| . o . |
| .= o o .|
| S*.= . *.|
| Eoo.O B =|
| + =o=.X.* |
| o . +++o* |
| . . =*oo+ |
+----[SHA256]-----+
The passphrase is your final line of defense against a malicious
actor should they get hold of a copy of your private key. Choose
a long phrase that is not easily guessable.
You will need to enter the passphrase each time you add
an RDCatch event or RSS Feed that uses this identity!
Next, set the ownership of the private key to the
rivendell user and group by doing:
chown rivendell:rivendell /usr/share/rivendell/keys/id_rsa_rivendell
followed by the [Enter] key.
The public key now resides at
/usr/share/rivendell/keys/id_rsa_rivendell.pub,
and can be deployed on remote servers. The private key (ssh identity)
resides at
/usr/share/rivendell/keys/id_rsa_rivendell.
Open RDAdmin, touch Manage Hosts,
select the name of the host being configured and then touch the
Edit button to open the
Edit Host dialog. Enter the location
of the private key in the
SSH Ident. File field, then touch
the OK button.
Populating the SSH Ident. File
Field
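Once the procedure is complete, the identity file can be audited from the same root prompt. The script below is an added example, not part of Rivendell or of the original document; it checks that the private key is a regular file, is owned by the rivendell user, grants no access to group or other, and is protected by a passphrase. The function name check_identity and the script name check_identity.sh are hypothetical.

```sh
#!/bin/sh
# Added example (not Rivendell code): audit an SSH identity file.
# check_identity is a hypothetical helper name. Run it as root so the
# key is readable. Usage: check_identity KEYFILE [OWNER]
# Returns 0 when every check passes, 1 otherwise.

check_identity() {
    key=$1
    owner=${2:-rivendell}   # owner set by the chown step in the procedure
    rc=0

    # Require a regular file; a symlink could be re-pointed at another key.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing or is not a regular file"
        return 1
    fi

    # ls -ld prints e.g. "-rw------- 1 rivendell rivendell 1876 ... name"
    mode=$(ls -ld "$key" | awk '{print $1}')
    actual=$(ls -ld "$key" | awk '{print $3}')

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other ($mode)"
        rc=1
    fi

    if [ "$actual" != "$owner" ]; then
        echo "FAIL: $key is owned by $actual, expected $owner"
        rc=1
    fi

    # ssh-keygen -y decodes the private key. If that works with an empty
    # passphrase (-P ''), the key is stored unencrypted on disk.
    if command -v ssh-keygen >/dev/null 2>&1 &&
       ssh-keygen -y -P '' -f "$key" </dev/null >/dev/null 2>&1; then
        echo "FAIL: $key is not protected by a passphrase"
        rc=1
    fi

    return "$rc"
}

# Example: sh check_identity.sh /usr/share/rivendell/keys/id_rsa_rivendell
[ "$#" -eq 0 ] || check_identity "$@"
```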