Solaris SSH User Key Authentication
Sometimes an existing Solaris user account needs key-based authentication so that it can connect to another server without being prompted for a password. This is useful for batch scripts that log in to multiple hosts to gather or process data. This setup is also required for Oracle RAC cluster configuration. Based on the quick reference guide provided by Sun Microsystems/Oracle -
MY SETUP OBJECTIVES
1. Generate an RSA key-
@node1:
oragrid@s11node1:~$ which ssh-
/usr/bin/ssh-
oragrid@s11node1:~$ ssh-
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oragrid/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oragrid/.ssh/id_rsa.
Your public key has been saved in /export/home/oragrid/.ssh/id_rsa.pub.
The key fingerprint is:
32:f4:b8:6d:84:78:61:89:e8:c6:8d:b7:01:6f:e3:0e oragrid@s11node1
oragrid@s11node1:~$
@node2:
oragrid@s11node2:~$ which ssh-
/usr/bin/ssh-
oragrid@s11node2:~$ ssh-
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oragrid/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oragrid/.ssh/id_rsa.
Your public key has been saved in /export/home/oragrid/.ssh/id_rsa.pub.
The key fingerprint is:
9c:77:8e:63:bb:06:f3:ba:45:c5:8f:ba:97:29:bb:e6 oragrid@s11node2
oragrid@s11node2:~$
Both the generated private and public keys are stored at the default location, $HOME/.ssh.
oragrid@s11node1:~$ ls -
total 7
-
-
oragrid@s11node1:~$
2. Configure user authentication with public keys by adding entries to the authorized_keys file on the remote hosts.
@node1, append the contents of the local id_rsa.pub to the file $HOME/.ssh/authorized_keys on node2. When prompted, enter the oragrid password for node2.
oragrid@s11node1:~$ cat $HOME/.ssh/id_rsa.pub | ssh s11node2 \
'cat >> .ssh/authorized_keys && echo "Key copied"'
The authenticity of host 's11node2 (172.16.33.121)' can't be established.
RSA key fingerprint is a6:a9:6d:ad:8f:b2:7a:48:89:4b:28:4a:96:b5:9c:13.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 's11node2,172.16.33.121' (RSA) to the list of known hosts.
Password:
Key copied
oragrid@s11node1:~$
@node2, append the contents of the local id_rsa.pub to the file $HOME/.ssh/authorized_keys on node1. When prompted, enter the oragrid password for node1.
oragrid@s11node2:~$ cat $HOME/.ssh/id_rsa.pub | ssh s11node1 \
'cat >> .ssh/authorized_keys && echo "Key copied"'
The authenticity of host 's11node1 (172.16.33.120)' can't be established.
RSA key fingerprint is 6c:a5:4b:c7:3f:f2:cc:56:92:a4:63:25:48:69:27:03.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 's11node1,172.16.33.120' (RSA) to the list of known hosts.
Password:
Key copied
oragrid@s11node2:~$
Verify that the authorized_keys file was created on each node.
oragrid@s11node1:~$ ls -
total 11
-
-
-
-
oragrid@s11node1:~$
oragrid@s11node2:~$ ls -
total 11
-
-
-
-
oragrid@s11node2:~$
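The `cat >> .ssh/authorized_keys` append in step 2 adds a duplicate line each time it is re-run and relies on the remote .ssh directory already existing with safe permissions. The following is an added example, not part of the original page: a shell function that does the same append idempotently on the target account, plus a permission check. The names install_pubkey and perms_ok are hypothetical, and a POSIX grep (-q -x -F) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes a POSIX grep (-q -x -F); on Solaris, /usr/xpg4/bin/grep provides these.

# install_pubkey SSH_DIR PUBKEY_FILE
# Appends the key to SSH_DIR/authorized_keys only if it is not already there.
# The body runs in a subshell "( )" so umask and exit do not affect the caller.
install_pubkey() (
    ssh_dir=$1
    auth="$ssh_dir/authorized_keys"
    key_line=$(cat "$2") || exit 2
    nl='
'
    # Accept exactly one line of the form "<type> <base64> [comment]".
    case $key_line in
        *"$nl"*) exit 2 ;;
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-"*" AAAA"*) ;;
        *) exit 2 ;;
    esac

    # Create the directory and file owner-only (700/600); with StrictModes
    # enabled, sshd checks these modes and ownership before using the key.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # -x whole-line match, -F fixed string: a re-run adds no duplicate entry.
    grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"
)

# perms_ok SSH_DIR: succeeds only if the directory is drwx------ and
# authorized_keys is -rw------- (the first 10 characters of ls -l output).
perms_ok() {
    d=$(ls -ld "$1" | cut -c1-10)
    f=$(ls -l "$1/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}
```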
3. Test user authentication with no password for remote ssh.
@node1, connect remotely to node2; you should not be prompted for a password.
oragrid@s11node1:~$ ssh s11node2
Last login: Tue Jan 27 17:26:24 2015 from s11node1
Oracle Corporation SunOS 5.11 11.2 June 2014
oragrid@s11node2:~$
@node2, connect remotely to node1; you should not be prompted for a password.
oragrid@s11node2:~$ ssh s11node1
Last login: Tue Jan 27 17:27:39 2015 from s11node2
Oracle Corporation SunOS 5.11 11.2 June 2014
oragrid@s11node1:~$