How to Enable Passwordless SSH login in Linux
Passwordless SSH configuration is required for various activities: at installation time to configure the members of cluster nodes, by the configuration assistants after installation, and by OPatch, Enterprise Manager, and many other features/commands.
There are two options for configuring passwordless SSH: use OUI, which creates RSA keys on all cluster nodes, or configure it manually using DSA or RSA keys on all nodes.
In this article, we demonstrate how to enable passwordless SSH login in Linux using DSA keys on a two-node RAC cluster. Follow the steps below.
1. Cleanup: Remove the .ssh directory under the user’s home directory if it exists. This is an optional step.
[grid@dbsgururc01 ~]$ rm -rf .ssh
[grid@dbsgururc01 ~]$ ls -ld .ssh
ls: cannot access .ssh: No such file or directory
2. Validate the user equivalency: Confirm the user and its group membership on the working terminal.
[grid@dbsgururc01 ~]$ id
uid=54322(grid) gid=54321(oinstall) groups=54321(oinstall),980(vboxsf),54322(dba),54331(asmadmin),54332(asmdba),54333(asmoper) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[grid@dbsgururc01 ~]$
3. Create a directory and grant permission: Create a directory in the user’s home and grant permission 700.
[grid@dbsgururc01 ~]$ mkdir .ssh
[grid@dbsgururc01 ~]$ chmod 700 .ssh
[grid@dbsgururc01 ~]$ ls -ld .ssh
drwx------. 2 grid oinstall 6 Oct 4 15:56 .ssh
[grid@dbsgururc01 ~]$ cd .ssh
[grid@dbsgururc01 .ssh]$ pwd
/home/grid/.ssh
[grid@dbsgururc01 .ssh]$
4. Generate the key pair: Execute the below command, accept the default file location, and answer the passphrase prompts.
[grid@dbsgururc01 .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:bkdKxmcsYxjr/KHGbdAZ+814PtfyVRWcqvZssLTQprw grid@dbsgururc01.localdomain
The key's randomart image is:
+---[DSA 1024]----+
| ...|
| o.|
| . . .|
| =.. . .|
| o.S+* . .|
| o.=+O B .|
| .oo*.B+* ..|
| o+o=oo=+o o|
| ....E.ooo o.|
+----[SHA256]-----+
[grid@dbsgururc01 .ssh]$ ls -lrt
total 20
-rw-r--r--. 1 grid oinstall 618 Oct 4 15:59 id_dsa.pub
-rw-------. 1 grid oinstall 668 Oct 4 15:59 id_dsa
[grid@dbsgururc01 .ssh]$
5. Repeat: Follow steps 1 to 4 on all remote nodes between which you want passwordless connectivity.
6. Copy to authorized_keys: Append/copy the DSA public key to a file called authorized_keys.
[grid@dbsgururc01 .ssh]$ cat *.pub >> authorized_keys
[grid@dbsgururc01 .ssh]$ cp authorized_keys authorized_keys_dbsgururc01
[grid@dbsgururc01 .ssh]$ ls -lrt
total 24
-rw-r--r--. 1 grid oinstall 618 Oct 4 15:59 id_dsa.pub
-rw-------. 1 grid oinstall 668 Oct 4 15:59 id_dsa
-rw-r--r--. 1 grid oinstall 1028 Oct 4 16:12 authorized_keys
-rw-r--r--. 1 grid oinstall 1028 Oct 4 16:15 authorized_keys_dbsgururc01
[grid@dbsgururc01 .ssh]$
[grid@dbsgururc01 .ssh]$ cat authorized_keys
ssh-dss [key data omitted] grid@dbsgururc01.localdomain
[grid@dbsgururc01 .ssh]$
7. Transfer authorized_keys to remote nodes: Transfer authorized_keys to all remote nodes from the login node using scp or SFTP.
[grid@dbsgururc01 .ssh]$ scp authorized_keys dbsgururc02:/home/grid/.ssh/
The authenticity of host 'dbsgururc02 (192.168.56.112)' can't be established.
ECDSA key fingerprint is SHA256:yFE4OLugDdyCo4dDWlrEL9XEOkEq26L3DUhNPbYWH8o.
ECDSA key fingerprint is MD5:e4:61:26:a5:df:e3:dc:c2:c9:0d:fb:f5:1f:e2:d2:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dbsgururc02,192.168.56.112' (ECDSA) to the list of known hosts.
grid@dbsgururc02's password:
authorized_keys 100% 1028 826.6KB/s 00:00
[grid@dbsgururc01 .ssh]$
8. Repeat steps: Follow steps 6 & 7 on all remote nodes.
9. Time to validate: Now it’s time to validate passwordless connectivity among all remote nodes. Run the commands below from each individual node.
Node 1: dbsgururc01
[grid@dbsgururc01 .ssh]$ ssh dbsgururc02 date
Tue Oct 4 16:30:48 IST 2022
[grid@dbsgururc01 .ssh]$ touch test.txt
[grid@dbsgururc01 .ssh]$ ls -lrt test.txt
-rw-r--r--. 1 grid oinstall 0 Oct 4 16:32 test.txt
[grid@dbsgururc01 .ssh]$ scp test.txt dbsgururc02:/home/grid/
test.txt 100% 0 0.0KB/s 00:00
[grid@dbsgururc01 .ssh]$ ssh dbsgururc02 ls -lrt /home/grid/test.txt
-rw-r--r--. 1 grid oinstall 0 Oct 4 16:32 /home/grid/test.txt
[grid@dbsgururc01 .ssh]$
Node 2: dbsgururc02
[grid@dbsgururc02 .ssh]$ ssh dbsgururc01 date
Tue Oct 4 16:30:57 IST 2022
[grid@dbsgururc02 .ssh]$ ssh dbsgururc01 date
Tue Oct 4 16:34:34 IST 2022
[grid@dbsgururc02 .ssh]$ touch test1
[grid@dbsgururc02 .ssh]$ ls -lrt test1
-rw-r--r--. 1 grid oinstall 0 Oct 4 16:35 test1
[grid@dbsgururc02 .ssh]$ scp test1 dbsgururc01:/home/grid/
test1 100% 0 0.0KB/s 00:00
[grid@dbsgururc02 .ssh]$ ssh dbsgururc01 ls -lrt /home/grid/test1
-rw-r--r--. 1 grid oinstall 0 Oct 4 16:36 /home/grid/test1
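One way to check the result of steps 3 to 7 on each node, as an added example that is not part of the original article: the script below reports group- or world-writable permissions on .ssh and authorized_keys (sshd's StrictModes rejects these) and flags ssh-dss entries, which upstream OpenSSH has disabled by default since release 7.0. The function names are hypothetical helpers, and the key-type list covers common OpenSSH types only.

```shell
# Added example, not from the original article. Function names are
# hypothetical helpers. Usage: audit_ssh_dir "$HOME/.ssh"

# Succeeds if $1 is writable by group or others. sshd's StrictModes
# rejects authorized_keys when the file or ~/.ssh has either bit set.
loose_write() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Prints the key type of one authorized_keys line. A line may start with
# options (from=, command=, ...), so scan for the first key-type token.
key_type() (
    set -f    # no glob expansion while the line is split into fields
    for field in $1; do
        case "$field" in
            ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*)
                printf '%s\n' "$field"; exit 0 ;;
        esac
    done
    exit 1
)

# Prints one finding per line for the .ssh directory given as $1 and
# returns non-zero if anything was found.
audit_ssh_dir() {
    dir=$1 findings=0 n=0
    [ -f "$dir/authorized_keys" ] || { echo "MISSING $dir/authorized_keys"; return 1; }
    for p in "$dir" "$dir/authorized_keys"; do
        if loose_write "$p"; then
            echo "PERM $p is group/world writable"; findings=$((findings + 1))
        fi
    done
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        if ! t=$(key_type "$line"); then
            echo "UNKNOWN line $n: no recognised key type"; findings=$((findings + 1))
        elif [ "$t" = ssh-dss ]; then
            echo "WEAK line $n: ssh-dss (1024-bit DSA)"; findings=$((findings + 1))
        fi
    done < "$dir/authorized_keys"
    [ "$findings" -eq 0 ]
}
```

A WEAK finding on a node set up as above is expected; generating the key pair in step 4 with `ssh-keygen -t rsa` or `ssh-keygen -t ed25519` instead leaves the remaining steps unchanged apart from the id_* file names.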
This document is for learning purposes only; always validate in a lab environment first before applying it in a live environment.
We hope you like this article!