  • The remote Linux system must have access to the public IP address and the SSH port of the Charon-SSH host instance in the cloud.
  • The private key necessary to access the instance must be available on the remote Linux system. The key-pair required to access the cloud instance is typically associated with the instance when it is created.
    Please note: If the key-pair is not created automatically during the launch of the instance, you can create it using a command similar to the following:
        Sample 1: # ssh-keygen -t rsa -b 4096 -f ~/.ssh/<keyname> -q
        Sample 2: # ssh-keygen -t ecdsa -f ~/.ssh/<keyname> -q
    The resulting key-pair can then be associated with the instance during instance creation, or later by adding the public key to the authorized_keys file of the correct user, and then be used to create an encrypted SSH connection.
    Please note: If your management system supports it, use SSH key types ECDSA or ED25519 for RHEL 9.x, Rocky Linux 9.x, and Oracle Linux 9.x. This allows connecting to these Linux systems using an SSH tunnel without having to change the default crypto-policy settings on the Charon host to less secure settings. See also: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening.
  • If the Linux host system runs RHEL, CentOS, or Oracle Linux 7.x, the bridge-utils package must be installed if the Charon Manager configuration options (vs. manual configuration) are to be used.

  • The autossh package must be installed on the remote Linux system.
  • The Charon host must allow SSH tunnels. This is preconfigured on Charon-SSP marketplace images. On conventional RPM installations, make sure that PermitTunnel is set to yes in /etc/ssh/sshd_config. If the root user is to be used for the tunnel creation, a key-based login should be set up for this user (PermitRootLogin set to without-password). Restart the SSH daemon after changes to the file (# systemctl restart sshd).
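
One way to check the sshd_config prerequisite above, as an added example (not part of the original documentation or vendor tooling): the script reads the global section of an sshd_config file and reports whether PermitTunnel and PermitRootLogin match the settings described. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): audit an sshd_config for the tunnel settings.
# sshd keeps the FIRST value found per keyword, keywords are case-insensitive,
# and lines after a "Match" keyword are conditional, so only the global
# section is read. On a live host, "sshd -T" prints the effective values.

sshd_setting() {  # usage: sshd_setting <keyword> <config-file>
    awk -v key="$1" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # drop comments, allow key=value
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

check_tunnel_host() {  # returns 0 when the file meets the prerequisites above
    cfg=$1; rc=0
    tunnel=$(sshd_setting PermitTunnel "$cfg")
    root=$(sshd_setting PermitRootLogin "$cfg")
    # OpenSSH defaults PermitTunnel to "no", so an unset keyword blocks tunnels.
    if [ "$tunnel" = yes ]; then
        echo "OK   PermitTunnel yes"
    else
        echo "FAIL PermitTunnel is '${tunnel:-unset}', expected yes"; rc=1
    fi
    case "$root" in
        without-password|prohibit-password)  # second name is the newer alias
            echo "OK   PermitRootLogin $root (key-based root login only)" ;;
        yes)
            echo "FAIL PermitRootLogin yes also allows root password logins"; rc=1 ;;
        no)
            echo "NOTE PermitRootLogin no: use a non-root user for the tunnel" ;;
        *)
            echo "NOTE PermitRootLogin is '${root:-unset}': check with sshd -T" ;;
    esac
    return $rc
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# global section
PermitRootLogin without-password
permittunnel = yes
PermitTunnel no
Match User backup
    PermitTunnel no
EOF
check_tunnel_host "$sample" && echo "sample config passes"
rm -f "$sample"
```

Point `check_tunnel_host` at a copy of /etc/ssh/sshd_config to audit a real host; settings pulled in through Include directives are not followed by this sketch.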