Hello Dojo Community,
Has anyone successfully used a private key for authentication on a DNMA?
I attempted to configure this using the Credentials Library tab in the System Settings, but I haven't had any success so far.
This setup is crucial for our use case, where we need to securely offload configuration backups to AWS S3, leveraging private key authentication between the DataMiner Agent and AWS.
If anyone has experience or insights on how to properly implement private key authentication on a DataMiner Agent, your suggestions would be greatly appreciated.
Thank you!
When you say private key authentication, are you referring to public-private key pairs (like SSH)? As far as I know this is not supported by Amazon AWS S3. Typically it's Access keys (Access Key ID and Secret Access Key).
The Credentials library cannot be used to store public / private keys. See dataminer docs for types of credentials that can be managed using the credential library.
If you are after public-private key authentication like SSH, this can be handled in a connector, but I'll let the developer community go into the nuts and bolts of that.
Curious to also know how you are using DataMiner to do the offloads: are you using the off-the-shelf Amazon AWS S3 connector, a custom connector or some custom automation?
An interesting use-case. Thanks for sharing.
@Wale please if you don’t mind me tweaking this a bit-
Do you know how an EC2 instance can achieve private authentication on DNMA?
We want to offload a copy of the DataMiner backup to cloud via an EC2 (first copy to EC2 and then can easily move the file to S3) where we want to use public private key authentication.
What are the steps for this and where do I add the private key on the DataMiner agent (like .ssh/authorised keys or a different location), and if we would also need a user to authenticate from the EC2, do we need to create a user locally on the DNMA?
Can the same user be used to log in or SSH into the DNMA with the public key?
Hi Samson, a Dataminer Agent by itself does not support private-public key authentication.
You will need to develop a connector that authenticates using private-public keys and then copies the files to your EC2 instance. In the connector you specify the path where the private key is stored. This is how you can leverage Dataminer to achieve this.
Let’s take DataMiner out of the picture for a moment. If you wanted to simply authenticate between the Windows server the agent is running on and your EC2 instance (running Linux as an example), you simply generate your key pair, store your private key on the Linux server and you should be able to SSH into the Windows server with the appropriate user.
You will however not be able to log in to the DataMiner agent in this manner as this is not supported. If I am interpreting the last part of your question correctly, i.e. trying to make a distinction between login to the Windows server and login to the DataMiner agent.
On a side note, since you are already exploring storing your DMA data to the cloud perhaps our Storage as a Service (STaaS) could be of interest also. Please check the Dataminer docs for more info.
Hope this helps.
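Added example, not part of the original replies and not DataMiner code: once the EC2 instance's public key has been placed in the backup account's authorized_keys file on the Windows server, a check like this confirms the entry is well formed and limited to the backup job. It assumes the Windows server runs OpenSSH and uses its authorized_keys format; the key bytes, the 10.0.0.5 address and the backup@ec2 comment are constructed sample values.

```python
import base64
import hashlib
import re

TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"])*")+')   # split on whitespace, keep quotes
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"])*")+')   # split on commas, keep quotes

def wire(*parts):  # encode byte strings as length-prefixed SSH wire strings
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def read_string(buf, off):
    """Read one length-prefixed string; return (value, next_offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def audit_entry(line):
    """Audit one authorized_keys line intended for an unattended backup account."""
    tokens = TOKEN.findall(line)
    options = []
    if tokens and not tokens[0].startswith(("ssh-", "ecdsa-", "sk-")):
        options = OPTION.findall(tokens.pop(0))  # leading field is the options list
    if len(tokens) < 2:
        raise ValueError("expected: [options] keytype base64-key [comment]")
    declared, blob = tokens[0], base64.b64decode(tokens[1], validate=True)
    inner, off = read_string(blob, 0)            # key type stored inside the blob
    names = {o.split("=", 1)[0].lower() for o in options}
    findings = []
    if inner.decode("ascii", "replace") != declared:
        findings.append("type mismatch between line and key blob")
    if inner == b"ssh-rsa":                      # blob layout: type, e, n
        _e, off = read_string(blob, off)
        n, _ = read_string(blob, off)
        if int.from_bytes(n, "big").bit_length() < 2048:
            findings.append("RSA modulus under 2048 bits")
    if "restrict" not in names:
        findings.append("no 'restrict': key can open a PTY and forward ports")
    if "from" not in names:
        findings.append("no from=: key is usable from any source address")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"key_type": declared, "fingerprint": "SHA256:" + digest,
            "findings": findings}

# Constructed sample entries (not real keys): 32 placeholder bytes stand in for the key.
SAMPLE_BLOB = base64.b64encode(wire(b"ssh-ed25519", bytes(range(32)))).decode()
SAMPLE_OPEN = f"ssh-ed25519 {SAMPLE_BLOB} backup@ec2"
SAMPLE_PINNED = f'from="10.0.0.5",restrict {SAMPLE_OPEN}'
```

The fingerprint it returns is in the same `SHA256:` form that `ssh-keygen -lf` prints, so it can be compared with the one shown for the key pair generated on the EC2 side.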
@Wale , many thanks for your time and great insights.
What’s the location of our/the public key on the DataMiner instance? Here we use Windows.
Hello Wale,
Thank you for your time and valuable suggestions.
Yes, when I mentioned private key authentication, I was indeed referring to public-private key pairs, similar to SSH.
Here’s a link to our use case for further context: https://community.dataminer.services/question/seeking-insights-on-offloading-dataminer-backups-to-aws-s3/