Add a system (client) to SADMIN

Steps to Add a system

  1. Add the server with the web interface
  2. Add the SADMIN root user public key to the new client
Each of these steps are described below.

Add the server with the web interface

  • To add a server to SADMIN inventory, click on "Server" in the "CRUD Operations" ([C]reate [R]ead [U]pdate [D]elete) section at the bottom left of the page.

  • You will be directed to a page that list all your actual SADMIN clients.
  • With this view you can "Update", "Delete" or "Create" servers.
  • To add a new server into SADMIN inventory, simply press the "Create" button at the top right of the page.

  • The page below will then appear and you need to enter the information concerning your server.
  • You can come back later in "Update" mode to modify any of these information.
  • When all the information is entered, just press the "Create" button at the button of the screen.

Add the SADMIN 'root' user public key to the new client

  • Every day your new SADMIN client will produce performance data (via nmon), information that may be used for disaster recovery situation, monitoring reports, start scheduled O/S update, scripts results (log and rch files) that will inform you about the status of your systems.
  • To accomplish this, the SADMIN server need to have root access to client via ssh.
  • To automate the ssh access and to do it in a safely and secure manner we will use the ‘public-key authentication’.
  • So this automated access will be only be possible from the SADMIN server to the clients.
  • Any systems or users that tries to SSH to your SADMIN clients using the ‘root’ user, will get the ‘Permission denied’ message.
  • In this example, the SADMIN server hostname is ‘’ and the SADMIN client is "”.
  • We will now automate the ssh login from ‘’ to ‘’.

  • Trying ssh to client before changing anything

    • Before we change anything, let’s try to ssh to ‘raspi7’.
    • Since this is the first time we are trying to access 'raspi7' from ‘’, it ask us a confirmation.
    • After answering ‘yes’, ‘raspi7’ server key is added to the user (root) known hosts file (/root/.ssh/known_hosts) on the SADMIN server.

    As you can see, we can’t logon to the client using the ‘root’ user.
    root@holmes~# ssh root@raspi7
    The authenticity of host 'raspi7 (' can't be established.
    ECDSA key fingerprint is SHA256:v1d0mK15pA9NtrhqbzFIu4boQoot99UxCi+aFcMs394.
    ECDSA key fingerprint is MD5:99:4e:d6:3a:65:e1:bb:40:ec:ce:da:3b:52:63:ee:f1.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'raspi7,' (ECDSA) to the list of known hosts.
    root@raspi7's password:
    Permission denied, please try again.
    root@raspi7's password:
    Permission denied, please try again.
    root@raspi7's password:
    Permission denied (publickey,password).

    Does user 'root' already have a public and private key ?

    • On the SADMIN server ('holmes'), verify in the ‘root’ user HOME directory (/root), it should have a directory called ‘.ssh’.
    • The '.ssh' directory should contains a private key (id_rsa) and a public key (

    • Your /root/.ssh directory should look a bit like this.
      root@holmes~# ls -l /root/.ssh
      total 48
      -rw-r-----  1 root root  1187 Oct  3  2017 authorized_keys
      -rw-------  1 root root  1675 Feb 23  2016 id_rsa
      -rw-r--r--  1 root root   403 Feb 23  2016
      -rw-r-----  1 root root 26291 Jul 17 09:27 known_hosts

    You don't have ‘root’ private and public key (id_rsa and, run command below:

    • If you have these files (id_rsa and then skip this step.
    • If you don’t, run the command below to generate the 'root' user private and public key.
    • When ask for a passphrase just press [ENTER] to have a blank password.
      root@holmes~/.ssh# ssh-keygen -b 4096 -C "SADMIN server"
      Generating public/private rsa key pair.
      Enter file in which to save the key (/root/.ssh/id_rsa):
      Enter passphrase (empty for no passphrase): [press ENTER]
      Enter same passphrase again: [press ENTER]
      Your identification has been saved in /root/.ssh/id_rsa.
      Your public key has been saved in /root/.ssh/
      The key fingerprint is:
      SHA256:3dd5vZTTv3i8Qa0osnOmp5d0wVKh3Dl2ZziNpvwp3To SADMIN server
      The key's randomart image is:
      +---[RSA 2048]----+
      |           ..    |
      |         . o.. + |
      |          oo= * +|
      |         ..+o= =*|
      |        S ..+..**|
      |          . .=o+=|
      |        ...oo *oo|
      |        .o*. .E+o|
      |        +O   .o+.|
      root@holmes~/.ssh# ls -l id*
      -rw------- 1 root root 1675 Jul 17 09:53 id_rsa
      -rw-r--r-- 1 root root  395 Jul 17 09:53

    Copy the SADMIN server public key to clipboard client:

    • First on the SADMIN server do ;
      • Do a md5sum of the public key (Get a checksum of the file).
      • Do a 'ls' command of the public key (get size of the file).
      • Show the file content and copy the content to the clipboard
      root@holmes~/.ssh # md5sum
      root@holmes~/.ssh # ls -l
      -rw-r--r-- 1 root root 403 Feb 23  2016
      root@holmes~/.ssh # cat
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/bD8HxYuE/uZfG5ih+xLclsSMg0E6hT3aE1W6ZpMdz5w0Fr2/k9z+QdWkrD

    Paste the SADMIN server public key into file on the client:

    • Open your favorite editor and paste the content of the public key of 'holmes' to that new file (
    • Remember, you MUST not add anything to this file (no newline or carriage return), it must be identical to the one on 'holmes'.
    • Save the file and verify the size and the checksum MUST be identical has the one you had on 'holmes'.
    • If they are not identical the 'ssh' connection won' t work.
      root@raspi7~/.ssh# vi
      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/bD8HxYuE/uZfG5ih+xLclsSMg0E6hT3aE1W6ZpMdz5w0
      "" [New File]
      root@raspi7~/.ssh# ls -l 
      -rw-rw-r-- 1 root root 403 Oct  7 13:13
      root@raspi7~/.ssh# md5sum 

    Include SADMIN server public key into the 'authorized_keys' file

    • The last thing to do is to add our public key at the end of the 'authorized_keys' file.
    • Note, that the 'authorized_keys' file may not exist, before typing the command below.
      root@raspi7~/.ssh# cat >>authorized_keys

    Testing our connection to the new client

    • Run the two commands below to confirm that our automated connection to 'raspi7' work as expected.
    • As you can see, we where able to display the system date on 'raspi7' without having to enter a password (Success!).
    • Important: We need to test with and without the domain name
      root@holmes:~# ssh raspi7 date
      Fri Aug 31 10:48:36 EDT 2018
      root@holmes:~# ssh date
      Fri Aug 31 10:48:39 EDT 2018

    Our client is now configure to work with SADMIN.

Copyright © 2015-2019 - - Suggestions, Questions or Report a problem at