This page provides instructions on how to install the new Percona SSH public key.

For example purposes, assume that the company name is company.biz, the server name is server, and the username to be given to Percona for login is percona. Also, for Part 1 below, assume that Percona’s original SSH key was set up using these instructions: http://www.percona.com/products/mysql-consulting/policies/percona-encryption-keys

If you have not set up an SSH public key for Percona previously, skip part 1 and proceed to part 2.

Part 1 - Remove the old SSH Key from your systems (if applicable)

  1. Log in as, or switch to, the user that has the SSH key installed and change to that user's home directory.

    user@server.company.biz:~$ su percona
    Password: 
    percona@server.company.biz:/home/user$ cd
    percona@server.company.biz:~$
    

  2. Open the ~/.ssh/authorized_keys file in a text editor such as nano, Vim, or Emacs. Remove the line that contains Percona’s old public key, which is shown below:

    no-agent-forwarding,from="*.jh.percona.com" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApP15RVFMg5kn9muPXWvPjNcITaTSs/GAPC8bw6HKtUGdP34J7Ytc2HMSDWKe22zZ8P2mz8E/FHgkE6mKZfiBryC8W0lzSittDlYLaaL77VvdB3JtNtyn0AwvBvjMFWvIK16Etcz5mXTSnfSoGxnW2HuN47BhAsPyUWoGm4+B+PUNLqjxfj5slYAah6SQmLzHyP5tC9h3E5yQ69bKBZXOZsyY0icu/q+AWzIe0d5A8PsgsIBl5iS65wMv/hVUR1Moz7tSzjpPm0KHl3exHGy0RMhAaZXU7+CmzM5rNpVQWrJmskfNm4dzGYJxqbSd12rMd+SdhsMapNxolYh0SKeX/w==

Part 2 - Install the new key onto your systems

  1. Log in as, or switch to, the user that will be supplied to Percona for login and change to that user's home directory.

    user@server.company.biz:~$ su percona
    Password:
    percona@server.company.biz:/home/user$ cd
    percona@server.company.biz:~$
    

  2. Create the directory to store the public key and ensure the permissions on this directory are set correctly.

    percona@server.company.biz:~$ mkdir -p .ssh
    percona@server.company.biz:~$ chmod 700 .ssh
    

  3. Create the file that will hold the public key and ensure the permissions on this file are set correctly.

    percona@server.company.biz:~$ touch .ssh/authorized_keys
    percona@server.company.biz:~$ chmod 600 .ssh/authorized_keys
    

  4. Copy the text of the public key into the file you just created. This can be done by using the command listed below.
    NOTE: The pressing of the ‘return’ or ‘enter’ key on the keyboard is symbolized by {RETURN}; this text should not be typed literally into the commands. All other text should be typed exactly as shown.

    percona@server.company.biz:~$ cat << EOF >> ~/.ssh/authorized_keys {RETURN}
    no-agent-forwarding,from="*.jh.percona.com" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4tgxNBH7KkmPXsKN6sFepqiFNfUevG4bmRAyPlqDX2eGH2Njww67AQL10c1sU1njjrp7GU+HzDWy0IjXIF6BpapirFMY+drXcwLx/Q216jfIPDTdraAYt/G3IbTDurmzaC8lKxTTDuRNKCO8c6Yc6M5DnOt/R0QfCvdds+ZhPv6StVCW6f1f33wmttMAotg8PRLalJUgzqV8HFKhttj69SRA5SGrnjf6mPpleQrnKNwhmr2tzDqZMHsBQnqhl85vJPUINLNb8ijGb6lqVIEHWWQOfqzU7DM+L5MutMknvqiwovQgfyrDvkYAbU3C47A1CsnGLQEPI8aCngEABD141w=={RETURN}
    EOF{RETURN}
    

    If you decide to add our public key to the authorized_keys file manually using a text editor such as nano, Vim, or Emacs, make sure to include the parameters no-agent-forwarding,from="*.jh.percona.com" at the start of the line, typed with straight double quotes. These options add security: the key is accepted only for connections that come through our dedicated jump host servers, which only Percona staff members use, and SSH agent forwarding is disabled for those sessions.

At this point, the installation of the public key is complete and Percona staff members should be able to connect to your system with the username you have given them. If this is not the case, go through the following troubleshooting checklist:

Troubleshooting Checklist:

  • Does the consultant have the correct username, hostname, and SSH port (if using a port other than the standard port 22)?
  • Is the SSH public key installed for the correct user in the ~/.ssh/authorized_keys file? Make sure you followed the above steps as the user you would like us to connect as.
  • Does the authorized_keys file contain any unnecessary whitespace or newlines? The entire public key text should be on a single line with no whitespace on either side of the text.
  • Are the permissions for the ~/.ssh directory (700) and the ~/.ssh/authorized_keys file (600) correct?
  • Have you allowed access for our jump hosts through your firewall? The following IP addresses must be allowed through your firewall for a successful connection:
    • bm01.jh.percona.com (74.121.199.238)
    • bm02.jh.percona.com (162.220.4.254)
    • sl1.jh.percona.com (74.86.244.122)
  • Are you limiting which users can connect to your system through the SSH configuration? Make sure that the user you give us has permissions to connect to your machine through SSH.
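
The checklist items about the key line's format and the file permissions can be verified with a script. The following is an added example, not part of Percona's instructions: check_percona_key is a hypothetical helper name, and the pattern assumes the key line was installed exactly as in step 4, with no trailing comment.

```shell
#!/bin/sh
# Added example. check_percona_key is a hypothetical helper name.
# Usage: check_percona_key /home/percona   (home directory of the login user)
check_percona_key() {
    ssh_dir=$1/.ssh
    keys=$ssh_dir/authorized_keys
    # Assumption: the key line is exactly as in step 4, with no trailing comment.
    good='^no-agent-forwarding,from="\*\.jh\.percona\.com" ssh-rsa [A-Za-z0-9+/]+=*$'
    rc=0

    # Checklist: ~/.ssh must be mode 700 and authorized_keys mode 600.
    # find -perm with a plain octal mode matches that exact mode (POSIX).
    [ -n "$(find "$ssh_dir" -prune -type d -perm 700 2>/dev/null)" ] ||
        { echo "FAIL: $ssh_dir is missing or not mode 700"; rc=1; }
    [ -n "$(find "$keys" -prune -type f -perm 600 2>/dev/null)" ] ||
        { echo "FAIL: $keys is missing or not mode 600"; rc=1; }
    [ -r "$keys" ] || return 1

    # Checklist: options, key type and key on one line, no surrounding whitespace.
    n=$(grep -cE "$good" "$keys" || true)
    [ "$n" -ge 1 ] || { echo "FAIL: no well-formed Percona key line"; rc=1; }

    # Every line naming the jump hosts must be well-formed; a mismatch means
    # padding, curly quotes pasted from a web page, or a dropped option.
    m=$(grep -c 'jh\.percona\.com' "$keys" || true)
    [ "$m" -eq "$n" ] || { echo "FAIL: $((m - n)) malformed jump-host line(s)"; rc=1; }

    # Heuristic: a line made only of base64 characters is the tail of a key
    # that was wrapped across lines.
    if grep -qE '^[A-Za-z0-9+/=]+$' "$keys"; then
        echo "FAIL: a key appears to be split across lines"; rc=1
    fi
    return "$rc"
}
```

The script does not test the from= match itself. When sshd runs with UseDNS no (the default in current OpenSSH releases), it does not resolve client hostnames, so a hostname pattern such as *.jh.percona.com in from= will not match.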