3.8.5. Generating an SSH private key and adding it to the agent
If you want to perform installation debugging or disaster recovery on your cluster, you must provide an SSH key to both your
ssh-agent and the installation program. You can use this key to access the bootstrap machine in a public cluster to troubleshoot installation issues.
In a production environment, you require disaster recovery and debugging.
You can use this key to SSH into the master nodes as the user
core. When you deploy the cluster, the key is added to the
You must use a local key, not one that you configured with platform-specific approaches such as AWS key pairs.
If you do not have an SSH key that is configured for password-less authentication on your computer, create one. For example, on a computer that uses a Linux operating system, run the following command:
$ ssh-keygen -t ed25519 -N '' \ -f <path>/<file_name> 1
- Specify the path and file name, such as
~/.ssh/id_rsa, of the new SSH key. If you have an existing key pair, ensure your public key is in the your
Running this command generates an SSH key that does not require a password in the location that you specified.注記
If you plan to install an OpenShift Container Platform cluster that uses FIPS Validated / Modules in Process cryptographic libraries on the
x86_64architecture, do not create a key that uses the
ed25519algorithm. Instead, create a key that uses the
ssh-agentprocess as a background task:
$ eval "$(ssh-agent -s)"
Agent pid 31874
If your cluster is in FIPS mode, only use FIPS-compliant algorithms to generate the SSH key. The key must be either RSA or ECDSA.
Add your SSH private key to the
$ ssh-add <path>/<file_name> 1
Identity added: /home/<you>/<path>/<file_name> (<computer_name>)
- Specify the path and file name for your SSH private key, such as
- When you install OpenShift Container Platform, provide the SSH public key to the installation program. If you install a cluster on infrastructure that you provision, you must provide this key to your cluster’s machines.