1.1.1 Generating Keys
Concourse's various components use RSA keys to verify tokens and worker registration requests.
A minimal deployment will require the following keys:
session_signing_key
Used by the
web
node for signing and verifying user session tokens.tsa_host_key
Used by the
web
node for the SSH worker registration gateway server ("TSA").The public key is given to each
worker
node to verify the remote host when connecting via SSH.worker_key
(one per worker)Each
worker
node verifies its registration with theweb
node via a SSH key.The public key must be listed in the
web
node's authorized keys configuration in order for the worker to register.
To generate these keys, run:
concourse generate-key -t rsa -f ./session_signing_key
concourse generate-key -t ssh -f ./tsa_host_key
concourse generate-key -t ssh -f ./worker_key
...and we'll also start on an authorized_keys
file, currently listing this initial worker key:
cp worker_key.pub authorized_worker_keys