()

How to Enable Passwordless SSH login in Linux


PasswordLess SSH configuration is required to perform various types of activities at the time of installation to configure members of cluster nodes, after the installation assistant configuration, Opatch, Enterprise manager, and many other features/commands.

We have two options to configure PasswordLess SSH either using OUI which creates RSA encryption keys on all cluster nodes or manual configuration for PasswordLess SSH using DSA or RSA keys on all nodes.

In this article, we will demonstrate How to Enable Passwordless SSH login in Linux using DSA keys on two node RAC cluster nodes. Follow the below steps.

1. Cleanup: Cleanup of directory .ssh under the user’s home directory if it exists This is an optional step.

[grid@dbsgururc01 ~]$ rm -rf .ssh
[grid@dbsgururc01 ~]$ ls -ld .ssh
ls: cannot access .ssh: No such file or directory


2. Validate the user equivalency: Validate the user on the working terminal for the group.

[grid@dbsgururc01 ~]$ id
uid=54322(grid) gid=54321(oinstall) groups=54321(oinstall),980(vboxsf),54322(dba),54331(asmadmin),54332(asmdba),54333(asmoper) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[grid@dbsgururc01 ~]$


3. Create a directory and grant permission: Create a directory in the user’s home and grant permission 700.

[grid@dbsgururc01 ~]$ mkdir .ssh
[grid@dbsgururc01 ~]$ chmod 700 .ssh
[grid@dbsgururc01 ~]$ ls -ld .ssh
drwx------. 2 grid oinstall 6 Oct  4 15:56 .ssh
[grid@dbsgururc01 ~]$ cd .ssh
[grid@dbsgururc01 .ssh]$ pwd
/home/grid/.ssh
[grid@dbsgururc01 .ssh]$


4. Generate passphrase: Execute the below command to save the passphrase and accept the default location.

[grid@dbsgururc01 .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:bkdKxmcsYxjr/KHGbdAZ+814PtfyVRWcqvZssLTQprw grid@dbsgururc01.localdomain
The key's randomart image is:
+---[DSA 1024]----+
|              ...|
|               o.|
|      .       . .|
|       =..   .  .|
|      o.S+* .   .|
|     o.=+O B    .|
|     .oo*.B+*  ..|
|      o+o=oo=+o o|
|     ....E.ooo o.|
+----[SHA256]-----+

[grid@dbsgururc01 .ssh]$ ls -lrt
total 20
-rw-r--r--. 1 grid oinstall  618 Oct  4 15:59 id_dsa.pub
-rw-------. 1 grid oinstall  668 Oct  4 15:59 id_dsa

[grid@dbsgururc01 .ssh]$


5. Repeat: Follow steps 1 to 4 on all remote nodes on which you want to make passwordless connectivity.

6. Copy to authorized_keys: Append/copy the DSA key to a file called authorized_keys

grid@dbsgururc01 .ssh]$ cat *.pub >> authorized_keys
[grid@dbsgururc01 .ssh]$ cp authorized_keys authorized_keys_dbsgururc01
[grid@dbsgururc01 .ssh]$ ls -lrt
total 24
-rw-r--r--. 1 grid oinstall  618 Oct  4 15:59 id_dsa.pub
-rw-------. 1 grid oinstall  668 Oct  4 15:59 id_dsa
-rw-r--r--. 1 grid oinstall 1028 Oct  4 16:12 authorized_keys
-rw-r--r--. 1 grid oinstall 1028 Oct  4 16:15 authorized_keys_dbsgururc01
[grid@dbsgururc01 .ssh]$

[grid@dbsgururc01 .ssh]$ cat authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAMvIgBVm5/vynwkFzOsd07tEKCMaEQYcxyO+KOiWVMP1zAaEsvW+WClQAb6ZkpywHWOAyMQO4UQ5UnqV/HYr01aNNPKHbH/f/aR0Nw/7rvKW0zcoQutU/rid5GFZe6ZxBHQg9aVYtDuSkhqme+Q3tCNSlknilCcwdUf4e/5J/XDJAAAAFQCNjk5i5YO+ZT2MpdKknLbol80LxwAAAIBLO4+tlUsZjmNgLIWIjAFIoWMlboNis7rkZhLHxTdrGe10yJwQJxmqJxx0cocQnnylYwRs8uWTNWptCrazXR2c8L6h6qvXJpKtnPLd5xMwGYH+q2sAyiQ3nHK8CCQqCQmHE+FBGUg3LdYAuLdDKivzwj5qMOhSYuFViNP2SZgclwAAAIATnCA2PJUBe1lXnOkGjRXfr5iBsnqBltI9DhnKr/mbxd3yErRKCAY8X4EUeFd7Rr9OLerlB8hOs+PcSvHc8x2aknqH+DnZKRwPRTAC8o3J8K3vTKDvAz/DWVxR/z276OuDTrZwSCkqqJR/pl9/1U61zdtIDf1dJ8QsS82lcLc7qg== grid@dbsgururc01.localdomain
[grid@dbsgururc01 .ssh]$


7. Transfer authorized_keys on remote nodes: Transfer authorized_keys on all remote nodes from the login node using scp or SFTP.

grid@dbsgururc01 .ssh]$ scp authorized_keys dbsgururc02:/home/grid/.ssh/
The authenticity of host 'dbsgururc02 (192.168.56.112)' can't be established.
ECDSA key fingerprint is SHA256:yFE4OLugDdyCo4dDWlrEL9XEOkEq26L3DUhNPbYWH8o.
ECDSA key fingerprint is MD5:e4:61:26:a5:df:e3:dc:c2:c9:0d:fb:f5:1f:e2:d2:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dbsgururc02,192.168.56.112' (ECDSA) to the list of known hosts.
grid@dbsgururc02's password:
authorized_keys                                                                                                                                                       100% 1028   826.6KB/s   00:00
[grid@dbsgururc01 .ssh]$


8. Repeat steps: Follow steps 6 & 7 on all remote nodes.

9. Time to validate: Now it’s time to validate passwordless connectivity among all remote nodes. Follow the below commands to validate from the individual node.


Node 1: dbsgururc01

[grid@dbsgururc01 .ssh]$ ssh dbsgururc02 date
Tue Oct  4 16:30:48 IST 2022
[grid@dbsgururc01 .ssh]$ touch test.txt
[grid@dbsgururc01 .ssh]$ ls -lrt test.txt
-rw-r--r--. 1 grid oinstall 0 Oct  4 16:32 test.txt
[grid@dbsgururc01 .ssh]$ scp test.txt dbsgururc02:/home/grid/
test.txt                                                                                                                                                              100%    0     0.0KB/s   00:00
[grid@dbsgururc01 .ssh]$ ssh dbsgururc02 ls -lrt /home/grid/test.txt
-rw-r--r--. 1 grid oinstall 0 Oct  4 16:32 /home/grid/test.txt
[grid@dbsgururc01 .ssh]$


Node 2: dbsgururc02

[grid@dbsgururc02 .ssh]$ ssh dbsgururc01 date
Tue Oct  4 16:30:57 IST 2022
[grid@dbsgururc02 .ssh]$ ssh dbsgururc01 date
Tue Oct  4 16:34:34 IST 2022
[grid@dbsgururc02 .ssh]$ touch test1
[grid@dbsgururc02 .ssh]$ ls -lrt test1
-rw-r--r--. 1 grid oinstall 0 Oct  4 16:35 test1
[grid@dbsgururc02 .ssh]$ scp test1 dbsgururc01:/home/grid/
test1                                                                                                                                                                 100%    0     0.0KB/s   00:00
[grid@dbsgururc02 .ssh]$ ssh dbsgururc01 ls -lrt /home/grid/test1
-rw-r--r--. 1 grid oinstall 0 Oct  4 16:36 /home/grid/test1


This document is just for learning purposes and always validate in the LAB environment first before applying it in the LIVE environment.


Hope so you like this article
!
Please share your valuable feedback/comments/subscribe and follow us below and don’t forget to click on the bell icon to get the most recent update. Click here to understand more about our pursuit.

 

Related Articles


Loading

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

DBsGuru

Hello and welcome to DBsGuru,DBsGuru is a group of experienced DBA professionals and serves databases and their related community by providing technical blogs, projects, training. Technical blogs are the source of vast information not about databases but its related product like middleware, PL/SQL, replication methodology, and so on.Thanks for the visits!Share Learn Grow!