How to Enable Passwordless SSH login in Linux
PasswordLess SSH configuration is required to perform various types of activities at the time of installation to configure members of cluster nodes, after the installation assistant configuration, Opatch, Enterprise manager, and many other features/commands.
We have two options to configure PasswordLess SSH either using OUI which creates RSA encryption keys on all cluster nodes or manual configuration for PasswordLess SSH using DSA or RSA keys on all nodes.
In this article, we will demonstrate How to Enable Passwordless SSH login in Linux using DSA keys on two node RAC cluster nodes. Follow the below steps.
1. Cleanup: Cleanup of directory .ssh under the user’s home directory if it exists This is an optional step.
[[email protected] ~]$ rm -rf .ssh
[[email protected] ~]$ ls -ld .ssh
ls: cannot access .ssh: No such file or directory
2. Validate the user equivalency: Validate the user on the working terminal for the group.
[[email protected] ~]$ id
uid=54322(grid) gid=54321(oinstall) groups=54321(oinstall),980(vboxsf),54322(dba),54331(asmadmin),54332(asmdba),54333(asmoper) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[[email protected] ~]$
3. Create a directory and grant permission: Create a directory in the user’s home and grant permission 700.
[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ ls -ld .ssh
drwx------. 2 grid oinstall 6 Oct 4 15:56 .ssh
[[email protected] ~]$ cd .ssh
[[email protected] .ssh]$ pwd
/home/grid/.ssh
[[email protected] .ssh]$
4. Generate passphrase: Execute the below command to save the passphrase and accept the default location.
[[email protected] .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:bkdKxmcsYxjr/KHGbdAZ+814PtfyVRWcqvZssLTQprw [email protected]
The key's randomart image is:
+---[DSA 1024]----+
| ...|
| o.|
| . . .|
| =.. . .|
| o.S+* . .|
| o.=+O B .|
| .oo*.B+* ..|
| o+o=oo=+o o|
| ....E.ooo o.|
+----[SHA256]-----+
[[email protected] .ssh]$ ls -lrt
total 20
-rw-r--r--. 1 grid oinstall 618 Oct 4 15:59 id_dsa.pub
-rw-------. 1 grid oinstall 668 Oct 4 15:59 id_dsa
[[email protected] .ssh]$
5. Repeat: Follow steps 1 to 4 on all remote nodes on which you want to make passwordless connectivity.
6. Copy to authorized_keys: Append/copy the DSA key to a file called authorized_keys
[email protected] .ssh]$ cat *.pub >> authorized_keys
[[email protected] .ssh]$ cp authorized_keys authorized_keys_dbsgururc01
[[email protected] .ssh]$ ls -lrt
total 24
-rw-r--r--. 1 grid oinstall 618 Oct 4 15:59 id_dsa.pub
-rw-------. 1 grid oinstall 668 Oct 4 15:59 id_dsa
-rw-r--r--. 1 grid oinstall 1028 Oct 4 16:12 authorized_keys
-rw-r--r--. 1 grid oinstall 1028 Oct 4 16:15 authorized_keys_dbsgururc01
[[email protected] .ssh]$
[[email protected] .ssh]$ cat authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAMvIgBVm5/vynwkFzOsd07tEKCMaEQYcxyO+KOiWVMP1zAaEsvW+WClQAb6ZkpywHWOAyMQO4UQ5UnqV/HYr01aNNPKHbH/f/aR0Nw/7rvKW0zcoQutU/rid5GFZe6ZxBHQg9aVYtDuSkhqme+Q3tCNSlknilCcwdUf4e/5J/XDJAAAAFQCNjk5i5YO+ZT2MpdKknLbol80LxwAAAIBLO4+tlUsZjmNgLIWIjAFIoWMlboNis7rkZhLHxTdrGe10yJwQJxmqJxx0cocQnnylYwRs8uWTNWptCrazXR2c8L6h6qvXJpKtnPLd5xMwGYH+q2sAyiQ3nHK8CCQqCQmHE+FBGUg3LdYAuLdDKivzwj5qMOhSYuFViNP2SZgclwAAAIATnCA2PJUBe1lXnOkGjRXfr5iBsnqBltI9DhnKr/mbxd3yErRKCAY8X4EUeFd7Rr9OLerlB8hOs+PcSvHc8x2aknqH+DnZKRwPRTAC8o3J8K3vTKDvAz/DWVxR/z276OuDTrZwSCkqqJR/pl9/1U61zdtIDf1dJ8QsS82lcLc7qg== [email protected]
[[email protected] .ssh]$
7. Transfer authorized_keys on remote nodes: Transfer authorized_keys on all remote nodes from the login node using scp or SFTP.
[email protected] .ssh]$ scp authorized_keys dbsgururc02:/home/grid/.ssh/
The authenticity of host 'dbsgururc02 (192.168.56.112)' can't be established.
ECDSA key fingerprint is SHA256:yFE4OLugDdyCo4dDWlrEL9XEOkEq26L3DUhNPbYWH8o.
ECDSA key fingerprint is MD5:e4:61:26:a5:df:e3:dc:c2:c9:0d:fb:f5:1f:e2:d2:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dbsgururc02,192.168.56.112' (ECDSA) to the list of known hosts.
[email protected]'s password:
authorized_keys 100% 1028 826.6KB/s 00:00
[[email protected] .ssh]$
8. Repeat steps: Follow steps 6 & 7 on all remote nodes.
9. Time to validate: Now it’s time to validate passwordless connectivity among all remote nodes. Follow the below commands to validate from the individual node.
Node 1: dbsgururc01
[[email protected] .ssh]$ ssh dbsgururc02 date
Tue Oct 4 16:30:48 IST 2022
[[email protected] .ssh]$ touch test.txt
[[email protected] .ssh]$ ls -lrt test.txt
-rw-r--r--. 1 grid oinstall 0 Oct 4 16:32 test.txt
[[email protected] .ssh]$ scp test.txt dbsgururc02:/home/grid/
test.txt 100% 0 0.0KB/s 00:00
[[email protected] .ssh]$ ssh dbsgururc02 ls -lrt /home/grid/test.txt
-rw-r--r--. 1 grid oinstall 0 Oct 4 16:32 /home/grid/test.txt
[[email protected] .ssh]$
Node 2: dbsgururc02
[[email protected] .ssh]$ ssh dbsgururc01 date
Tue Oct 4 16:30:57 IST 2022
[[email protected] .ssh]$ ssh dbsgururc01 date
Tue Oct 4 16:34:34 IST 2022
[[email protected] .ssh]$ touch test1
[[email protected] .ssh]$ ls -lrt test1
-rw-r--r--. 1 grid oinstall 0 Oct 4 16:35 test1
[[email protected] .ssh]$ scp test1 dbsgururc01:/home/grid/
test1 100% 0 0.0KB/s 00:00
[[email protected] .ssh]$ ssh dbsgururc01 ls -lrt /home/grid/test1
-rw-r--r--. 1 grid oinstall 0 Oct 4 16:36 /home/grid/test1
This document is just for learning purposes and always validate in the LAB environment first before applying it in the LIVE environment.
Hope so you like this article!
Please share your valuable feedback/comments/subscribe and follow us below and don’t forget to click on the bell icon to get the most recent update. Click here to understand more about our pursuit.
Related Articles
- Oracle Critical Database Patch ID for April 2023 along with enabled Download Link
- Oracle Critical Database Patch ID for January 2023 along with enabled Download Link
- Steps to Apply Combo Patch (Oct 2022) on Clusterware in Two Node RAC in Oracle
- How to Enable PasswordLess SSH login in Linux
- Oracle Critical Database Patch ID for October 2022 along with enabled Download Link
Hello and welcome to DBsGuru,
DBsGuru is a group of experienced DBA professionals and serves databases and their related community by providing technical blogs, projects, training.
Technical blogs are the source of vast information not about databases but its related product like middleware, PL/SQL, replication methodology, and so on.
Thanks for the visits!
Share Learn Grow!
