Skip to content

Getting Started

Jump to bottom
Eric Schreiber edited this page Nov 14, 2023 · 11 revisions

The directions below walk through the steps to build and install ETCE and set up SSH for use.

Building and Installing

ETCE can be built as an RPM or DEB from the python-etce project. The master branch always contains the latest release. Older versions are available as tags. Use the develop branch to access the latest non-stable source.

Version 1.2.2 added Python 3 support. Packages are built for Python 3 by default. Use the configure --with-python2 option to build for Python 2. The directions below build for the Python version displayed by /usr/bin/python --version for the given Linux distro.

===

Rocky Linux 8

[you@host]$ sudo dnf install automake autotools libtool make rpm-build python-setuptools epel-release

[you@host]$ git clone https://github.com/adjacentlink/python-etce
[you@host]$ cd python-etce
[you@host]$ ./autogen.sh
[you@host]$ ./configure
[you@host]$ make rpm
[you@host]$ sudo dnf install dist/python-etce-*.rpm

Ubuntu 20.04 and 22.04

[you@host]$ sudo apt-get install libtool autoconf automake debhelper python-setuptools python-stdeb

[you@host]$ git clone https://github.com/adjacentlink/python-etce
[you@host]$ cd python-etce
[you@host]$ ./autogen.sh
[you@host]$ ./configure
[you@host]$ make deb
[you@host]$ sudo dpkg -i deb_dist/python-etce_*.deb
[you@host]$ sudo apt-get install -f

SSH Configuration

ETCE connects to worker nodes using SSH with public key authentication. This section decribes the steps for configuring SSH for use with ETCE. Consult the ssh-keygen, sshd and ssh_config man pages for detailed information.

It's important to note that ETCE uses Paramiko to make SSH connections to worker nodes. The ETCE Paramiko based SSH client is not identical to the ssh command line application. To support the versions of Paramiko available on target Linux distros, the ETCE client imposes some SSH configuration restrictions. These are noted below.

Generate an RSA Public Key

ETCE requires a PEM format RSA key for operation. Use ssh-keygen to generate a new key. The example below creates a 4096 bit key named your_key_name:

[you@host]$ ssh-keygen -b 4096 -m PEM -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/you/.ssh/id_rsa): /home/you/.ssh/your_key_name
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/you/.ssh/your_key_name.
Your public key has been saved in /home/you/.ssh/your_key_name.pub.
The key fingerprint is:
SHA256:9JFmGq+mv9qzW+g/bYPI/0TdTM2zsm9TQffkPgniN8o you@host
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|           .   o+|
|        o =   .+*|
|       . B o o ==|
|        S + o.oo=|
|         o o oooo|
|       .+.oo+.. o|
|       =+.oE+ .o |
|      ooBBo+.....|
+----[SHA256]-----+

[you@host]$ ls -1 /home/you/.ssh/your_key_name*
/home/you/.ssh/your_key_name
/home/you/.ssh/your_key_name.pub

Add The Key To authorized_keys

sshd consults a file listing the set of public keys it accepts when a connection and authentication attempt occurs. The default file is .ssh/authorized_keys in the home directory of the target user account.

The ETCE Tutorial, executes on your local machine. The EMANE demonstrations in the tutorial require privileged access to launch emane. In order to work through the tutorial, add your public key to the authorized_keys file for yourself and for root:

[you@host]$ cat /home/you/.ssh/your_key_name.pub >> /home/you/.ssh/authorized_keys
[you@host]$ sudo su -
[you@host]$ cat /home/you/.ssh/your_key_name.pub >> /root/.ssh/authorized_keys

SSH Config

The etce-test application accepts an sshkey argument to name the key to use when running tests. Alternatively, ETCE recognizes keys specified by your SSH configuration file. When added to the end of ~/.ssh/config, this Host stanza selects your_key_name for public key authentication when connecting to a host not covered by any previous Host rule in the file:

Host *
  HashKnownHosts no
  HostKeyAlgorithms ssh-rsa
  PreferredAuthentications publickey
  IdentityFile /home/you/.ssh/your_key_name

The PreferredAuthentications and IdentityFile parameters configure your default authentication mechanism to public key using your_key_name. The other two parameters help to address the restrictions of the ETCE based Paramiko SSH client. The HostKeyAlgorithms setting indicates to servers that RSA is your preferred algorithm. HashKnownHosts no prevents entries in the local known_hosts file from being hashed. ETCE recognized entries appear this way:

HOSTNAME1 ssh-rsa AAAAB3NzaC1yc2EAAA...
HOSTNAME2 ssh-rsa AAAAzia39aoaAAAQD6...
  ...
Clone this wiki locally