Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / SUSE Linux Enterprise High Availability Documentation / Administration Guide / Installation and setup / Logging in to the cluster nodes
Applies to SUSE Linux Enterprise High Availability 15 SP7

4 Logging in to the cluster nodes

  

The crm shell (crmsh) uses passwordless SSH access for communication between the nodes. If you set up the cluster with crm cluster init, the script checks for SSH keys and generates them if they do not exist. If you set up the cluster with the YaST cluster module, you must configure the SSH keys yourself.

By default, crmsh performs certain operations as the root user. However, if you cannot allow passwordless root SSH access, you can set up the cluster as a user with sudo privileges instead.

The following users can set up the cluster on the first node and add more nodes to the cluster:

The root user

Running crmsh as root is the default and does not require any additional configuration. The root user's SSH keys must exist (or be generated) locally on the node, not on a remote system.

To log in to a node as the root user, run the following command: 

user@local> ssh root@NODE
A user with sudo privileges (without SSH agent forwarding)

You must specify this user when you add more nodes to the cluster with crm cluster join -c USER@NODE. The user's SSH keys must exist (or be generated) locally on the node, not on a remote system.

To log in to a node as a sudo user, run the following command: 

user@local> ssh USER@NODE
A user with sudo privileges (with SSH agent forwarding)

You can use SSH agent forwarding to pass your local SSH keys to the cluster nodes. This can be useful if you need to avoid storing SSH keys on the nodes, but requires additional configuration on your local machine and on the cluster nodes.

To log in to a node with SSH agent forwarding enabled, perform the following steps:

  1. On your local machine, start the SSH agent and add your keys to it. For more information, see Automated public key logins with ssh-agent in Security and Hardening Guide for SUSE Linux Enterprise Server.

  2. Log in to the node with the -A option to enable SSH agent forwarding: 

    user@local> ssh -A USER@NODE

When you add nodes to the cluster, you must log in to each node as the same user you set up the first node with.

Important

For simplicity, the commands in this guide assume you are logged in as the root user. If you logged in as a sudo user, adjust the commands accordingly.

Documentation survey