SSH public key authentication


Instead of using password authentication - anywhere where you're able to provide SSH credentials (hypervisors, VMs applications, etc) you also have the public key alternative.**. By default, Storware Backup & Recovery uses the /opt/vprotect/.ssh/id_rsa path, however, you also can override it with your own path*. *(this needs to be owned by vprotect user and make sure it has the 0400 permission set. **You don't have to pass a passphrase, you can leave this parameter blank.


Storware Backup & Recovery does not support keys other than "RSA"


1. Generate a key or use yours and store it as /opt/vprotect/.ssh/id_rsa (make sure that the vprotect user and group own the file)

  • example key generation:

[root@vProtect3 vprotect]# sudo -u vprotect ssh-keygen -t rsa -m PEM
Generating public/private rsa key pair.
Enter file in which to save the key (/opt/vprotect/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /opt/vprotect/.ssh/id_rsa.
Your public key has been saved in /opt/vprotect/.ssh/
The key fingerprint is:
SHA256:86HSLKYwl7maDR7U1oIH1Y6VDtRFNJgHgfdjikg3VnQ vprotect@vProtect3
The key's randomart image is:
+---[RSA 2048]----+
|   .o=+XE        |
|   .o X...       |
|  .  O o         |
|  .+=.o +        |
| .o+=o.oS..      |
| ..o.+.o + .     |
|  = + + + .      |
| . O + o         |
|  +.+            |

2. use ssh-copy-id to upload your public key (as vprotect user) to the KVM host:

sudo -u vprotect ssh-copy-id -i /opt/vprotect/.ssh/ root@HYPERVISOR

3. Check if you're able to log in to the hypervisor using the local vprotect user without being asked for the password:

[root@vProtect3]# sudo -u vprotect ssh -i /opt/vprotect/.ssh/id_rsa root@dkvm
Last failed login: Mon Jan 29 17:53:01 CET 2018 from on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Mon Jan 29 17:52:39 2018 from
[root@dKVM ~]# logout

4. Now you should be able to index VMs regardless of the password set for the hypervisor (the key should be used instead)

5. Provide path to key (default: /opt/vprotect/.ssh/id_rsa) in Storware Backup & Recovery dashboard

Last updated