Configuring a target machine (SSH-based propagation)

You need to install the slave scripts on your target machine and authorize Perun's access to the machine with an SSH key. All installed scripts are then located in /opt/perun/bin/.

1. Install Perun slave packages

2. Enable DNS Resolution for SSH Daemon

Edit /etc/ssh/sshd_config and add:

UseDNS yes

Restart the daemon to apply the changes.

Machines running a Perun instance usually have two IP addresses, one for IPv4 and one for IPv6. With UseDNS disabled, sshd does not resolve the connecting client's host name, so you must specify access for each IP address separately in the next step.

3. Add Perun's SSH Key

Add Perun’s SSH key to ~/.ssh/authorized_keys. Restrict the key so that it is accepted only from the particular Perun host and can run only the given program, e.g.

from="perun.cesnet.cz",command="/opt/perun/bin/perun" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC26+QiDtZ3bnLiLllySgsImSPUX0/sFBmo//3PmqOsuJIBdWB5BLU5Ws+pTRxefqC8SHfI92ZQoGXe7aJniTXxbRPa0FZJ3fskAHwpbiJfstGVZ1hddBcHIvial3v5Rd++zRiKslDVTkXLlb+b1pTnjyTVbD/6kGILgnUz7RKY5DnXADVnmTdPliQCabhE41AhkWdcuWpHBNwvxONKoZJJpbuouDbcviX4lJu9TF9Ij62rZjcoNzg5/JiIKTcMVi8L04FTjyCMxKRzlo00IjSuapFnXQNNZUL5u/mfPA/HpyIkSAOiPXLhWy9UuBNo7xdrCmfTh1qUvzbuWXJZN3d9 perunv3@perun.ics.muni.cz

4. Configure firewall

Allow SSH connections from Perun to the target machine (usually port 22).

5. Check user rights

Ensure the user Perun connects as (configurable, usually root) has the necessary privileges to manage the service on your machine.
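One way to check the restrictions from steps 2 and 3 on an existing authorized_keys file, as an added example that is not part of Perun or its documentation. The function names, the use_dns parameter (whether sshd runs with UseDNS yes) and the sample lines with placeholder key material are assumptions made for illustration.

```python
import ipaddress
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?,?')

def parse_options(line):
    """Return the options of one authorized_keys line; quoted values may hold commas."""
    opts, i, line = {}, 0, line.strip()
    if line.startswith(KEY_TYPES):
        return opts
    while i < len(line) and line[i] != " ":
        m = OPTION.match(line, i)
        if not m:
            raise ValueError("unparsable options: " + line[:40])
        opts[m.group(1).lower()] = m.group(2)
        i = m.end()
    return opts

def is_address_pattern(pattern):
    """True for IP addresses, CIDR ranges and numeric IPv4 wildcards."""
    try:
        ipaddress.ip_network(pattern.lstrip("!"), strict=False)
        return True
    except ValueError:
        return re.fullmatch(r"!?[0-9.*?]+", pattern) is not None

def audit(text, use_dns):
    """Map line number -> list of findings for every key line in the text."""
    report = {}
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts = parse_options(line)
        found = report[num] = []
        if not opts.get("command"):
            found.append("no command=: key may run any program")
        if not opts.get("from"):
            found.append("no from=: key accepted from any host")
        elif not use_dns:
            names = [p for p in opts["from"].split(",") if not is_address_pattern(p)]
            if names:
                found.append("from= host names need UseDNS yes: " + ",".join(names))
    return report

SAMPLE = '''from="perun.cesnet.cz",command="/opt/perun/bin/perun" ssh-rsa AAAAPLACEHOLDER perun
from="192.0.2.10,2001:db8::10",command="/opt/perun/bin/perun" ssh-rsa AAAAPLACEHOLDER perun
ssh-ed25519 AAAAPLACEHOLDER admin@example'''  # constructed lines, placeholder key material
print(audit(SAMPLE, use_dns=False))
```

An empty list for a line means the key is restricted to a source and a command; the third sample line is reported because it carries neither option.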

Support: perun@cesnet.cz