Setting up the SSH key

Introduction

This section describes how to configure SSH, which is needed in the following scenarios:

  1. Warm Spare setup. 

  2. Advanced Recovery.

  3. SSH Filestore - Saving the backup file to remote server.


First, we will set up shared keys between the two servers so they can communicate across SSH on port 22. 

From PBX 15 onward, there is no need to generate SSH keys for the Primary server; the Backup & Restore module generates them itself. However, the Primary server's SSH public key must still be copied to the Secondary server so that the Primary can communicate with the Secondary server easily.

Please note: if you are doing this on a fresh install and have never visited the Backup & Restore module, these steps will FAIL.

Before proceeding, go to the Backup & Restore module in the GUI; this triggers creation of the keys referenced below.

Once in the module, click on the Global Settings tab and confirm the key is present.

 

APPLICATION NOTES

Make sure you replace SecondaryServerIP with the IP address of your Secondary PBX. Use the IP address and not a hostname that may be common to both the primary and the warm spare. If FQDNs are desired, create 3 records: the common name, a specific name for the primary and a specific name for the warm spare (e.g. mypbx.company.com, mypbx1.company.com, mypbx2.company.com).

If a firewall is configured, make sure the right rule is in place to allow the two servers to talk to each other.

 

FreePBX 17 +

In PBX 17+, we have improved the user experience by adding an option in the UI itself to copy the public key.

PBX 17+ uses the ECDSA public key algorithm.

The “Public key of this system” field displays this system's own public key.
The “Public key of other system” field displays the public key of the other (secondary / remote / warm spare) system.


On the primary server, copy the SSH key from the “Public key of this system” field. Then log in to the secondary server's “FreePBX UI → Backup & Restore → Global Settings”, paste the key into the “Public key of other system” field, and save & submit.

Repeat the above process to copy the secondary server's key to the primary server.

There is no need for any manual CLI operation now. If you still want to do it manually, the procedure is the same, except that in PBX 17+ you use “/home/asterisk/.ssh/id_ecdsa.pub” instead of “/home/asterisk/.ssh/id_rsa.pub” when adding the key to “authorized_keys” in the path “/home/asterisk/.ssh”.

FreePBX 15/16

We can use any one of the following 2 methods to copy the SSH keys to Secondary (or Warm spare) server. 

  1. Manually copy the SSH Keys to Secondary Server
    "FreePBX GUI → Admin → Backup & Restore → Global Settings" shows the server's SSH keys, which we can copy to the Secondary server manually. (Note: some browsers may not let you copy this data.)


You may copy this key manually to the /root/.ssh/authorized_keys file on the spare/Secondary server. Create a file called "authorized_keys" (if not present) and add your public key to that file. If the file already exists, just add your key to the end of the file (make sure each key is separated by a new line!).

  2. Using SSH CLI command to copy Primary SSH keys to Secondary server (preferred method)

Log in to your Primary server with an SSH client such as PuTTY, SecureCRT, or another SSH client.

We will copy the key to the Secondary server with the following command, so that the primary server can SSH to the secondary server without needing a password.

At the primary server Linux CLI prompt type: 

  sudo -u asterisk ssh-copy-id -i /home/asterisk/.ssh/id_rsa.pub root@SecondaryServerIP

Enter the password when prompted.

If this command completes without error, you are ready to test:

At the prompt type:

  ssh -i /home/asterisk/.ssh/id_rsa root@SecondaryServerIP

If all went well, you should now be logged in to the Secondary server.
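
For the manual method above (and the optional manual CLI step on PBX 17+), the following is an added example, not part of the original page or of FreePBX. It appends a public key to authorized_keys without gluing it onto the previous entry, skips a key that is already present, and refuses a private key file. The function name install_pubkey and the file name primary.pub are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not FreePBX code. Run as the account that owns SSH_DIR so
# the resulting files are readable by that account when sshd checks them.
# Usage on the receiving server (primary.pub is a hypothetical copy of the
# other system's public key):  install_pubkey primary.pub /root/.ssh

install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth="$ssh_dir/authorized_keys"
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A public key is a single line; take the first non-blank one.
    key=$(awk 'NF { print; exit }' "$pubkey_file")

    # Accept only the key types this page uses (RSA on 15/16, ECDSA on 17+).
    # This also rejects a private key (id_rsa / id_ecdsa) passed by mistake.
    case $key in
        "ssh-rsa "*|"ecdsa-sha2-"*" "*) ;;
        *) echo "not an RSA/ECDSA public key: $pubkey_file" >&2; return 1 ;;
    esac

    # With sshd's default StrictModes, keys are ignored if the directory or
    # file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on type + key material so a different comment is not a new key.
    material=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$material" "$auth"; then
        echo "already present"
        return 0
    fi

    # If the last existing entry has no trailing newline, add one first;
    # otherwise the new key would be glued onto the previous key's line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "added"
}
```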

 

 
