DX NetOps

When installing or upgrading the Vertica database, used by the data aggregator, passwordless SSH is required.  Operationally, passwordless SSH isn't needed if there's only a single database node, but it seems to be required for multiple nodes of Vertica.  However, installation or upgrading with a single node requires it.  To require a passwordless SSH configuration seems to be a poor security model for an application in today's environment.

I would like to be wrong, so is there any work around to this passwordless SSH for Vertica?

Hi Brian,

This is a bit out of our control being a requirement of the Vertica DB software (not owned by CA). I know we've requested a change to that behavior in the product.

In the mean time were you aware the SSH requirement for the install or upgrade cycle is temporary?

Run the install/upgrade cycle while allowing the SSH to get set up and used. When it completed delete the SSH keys it creates. Shouldn't be any negative behavior after during normal operation.

Later down the line need to upgrade? Repeat the process to allow it and delete the keys when done.

Hope that helps.

Mike

In our environment a passwordless SSH configuration is not allowed even if it's only temporary, because it's an IA network security violation.