How to Enable PasswordLess SSH login in Linux

How to Enable Passwordless SSH login in Linux


PasswordLess SSH configuration is required to perform various types of activities at the time of installation to configure members of cluster nodes, after the installation assistant configuration, Opatch, Enterprise manager, and many other features/commands.

We have two options to configure PasswordLess SSH either using OUI which creates RSA encryption keys on all cluster nodes or manual configuration for PasswordLess SSH using DSA or RSA keys on all nodes.

In this article, we will demonstrate How to Enable Passwordless SSH login in Linux using DSA keys on two node RAC cluster nodes. Follow the below steps.

1. Cleanup: Cleanup of directory .ssh under the user’s home directory if it exists This is an optional step.

[[email protected] ~]$ rm -rf .ssh
[[email protected] ~]$ ls -ld .ssh
ls: cannot access .ssh: No such file or directory


2. Validate the user equivalency: Validate the user on the working terminal for the group.

[[email protected] ~]$ id
uid=54322(grid) gid=54321(oinstall) groups=54321(oinstall),980(vboxsf),54322(dba),54331(asmadmin),54332(asmdba),54333(asmoper) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[[email protected] ~]$


3. Create a directory and grant permission: Create a directory in the user’s home and grant permission 700.

[[email protected] ~]$ mkdir .ssh
[[email protected] ~]$ chmod 700 .ssh
[[email protected] ~]$ ls -ld .ssh
drwx------. 2 grid oinstall 6 Oct  4 15:56 .ssh
[[email protected] ~]$ cd .ssh
[[email protected] .ssh]$ pwd
/home/grid/.ssh
[[email protected] .ssh]$


4. Generate passphrase: Execute the below command to save the passphrase and accept the default location.

[[email protected] .ssh]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:bkdKxmcsYxjr/KHGbdAZ+814PtfyVRWcqvZssLTQprw [email protected]
The key's randomart image is:
+---[DSA 1024]----+
|              ...|
|               o.|
|      .       . .|
|       =..   .  .|
|      o.S+* .   .|
|     o.=+O B    .|
|     .oo*.B+*  ..|
|      o+o=oo=+o o|
|     ....E.ooo o.|
+----[SHA256]-----+

[[email protected] .ssh]$ ls -lrt
total 20
-rw-r--r--. 1 grid oinstall  618 Oct  4 15:59 id_dsa.pub
-rw-------. 1 grid oinstall  668 Oct  4 15:59 id_dsa

[[email protected] .ssh]$


5. Repeat: Follow steps 1 to 4 on all remote nodes on which you want to make passwordless connectivity.

6. Copy to authorized_keys: Append/copy the DSA key to a file called authorized_keys

[email protected] .ssh]$ cat *.pub >> authorized_keys
[[email protected] .ssh]$ cp authorized_keys authorized_keys_dbsgururc01
[[email protected] .ssh]$ ls -lrt
total 24
-rw-r--r--. 1 grid oinstall  618 Oct  4 15:59 id_dsa.pub
-rw-------. 1 grid oinstall  668 Oct  4 15:59 id_dsa
-rw-r--r--. 1 grid oinstall 1028 Oct  4 16:12 authorized_keys
-rw-r--r--. 1 grid oinstall 1028 Oct  4 16:15 authorized_keys_dbsgururc01
[[email protected] .ssh]$

[[email protected] .ssh]$ cat authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAMvIgBVm5/vynwkFzOsd07tEKCMaEQYcxyO+KOiWVMP1zAaEsvW+WClQAb6ZkpywHWOAyMQO4UQ5UnqV/HYr01aNNPKHbH/f/aR0Nw/7rvKW0zcoQutU/rid5GFZe6ZxBHQg9aVYtDuSkhqme+Q3tCNSlknilCcwdUf4e/5J/XDJAAAAFQCNjk5i5YO+ZT2MpdKknLbol80LxwAAAIBLO4+tlUsZjmNgLIWIjAFIoWMlboNis7rkZhLHxTdrGe10yJwQJxmqJxx0cocQnnylYwRs8uWTNWptCrazXR2c8L6h6qvXJpKtnPLd5xMwGYH+q2sAyiQ3nHK8CCQqCQmHE+FBGUg3LdYAuLdDKivzwj5qMOhSYuFViNP2SZgclwAAAIATnCA2PJUBe1lXnOkGjRXfr5iBsnqBltI9DhnKr/mbxd3yErRKCAY8X4EUeFd7Rr9OLerlB8hOs+PcSvHc8x2aknqH+DnZKRwPRTAC8o3J8K3vTKDvAz/DWVxR/z276OuDTrZwSCkqqJR/pl9/1U61zdtIDf1dJ8QsS82lcLc7qg== [email protected]
[[email protected] .ssh]$


7. Transfer authorized_keys on remote nodes: Transfer authorized_keys on all remote nodes from the login node using scp or SFTP.

[email protected] .ssh]$ scp authorized_keys dbsgururc02:/home/grid/.ssh/
The authenticity of host 'dbsgururc02 (192.168.56.112)' can't be established.
ECDSA key fingerprint is SHA256:yFE4OLugDdyCo4dDWlrEL9XEOkEq26L3DUhNPbYWH8o.
ECDSA key fingerprint is MD5:e4:61:26:a5:df:e3:dc:c2:c9:0d:fb:f5:1f:e2:d2:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dbsgururc02,192.168.56.112' (ECDSA) to the list of known hosts.
[email protected]'s password:
authorized_keys                                                                                                                                                       100% 1028   826.6KB/s   00:00
[[email protected] .ssh]$


8. Repeat steps: Follow steps 6 & 7 on all remote nodes.

9. Time to validate: Now it’s time to validate passwordless connectivity among all remote nodes. Follow the below commands to validate from the individual node.


Node 1: dbsgururc01

[[email protected] .ssh]$ ssh dbsgururc02 date
Tue Oct  4 16:30:48 IST 2022
[[email protected] .ssh]$ touch test.txt
[[email protected] .ssh]$ ls -lrt test.txt
-rw-r--r--. 1 grid oinstall 0 Oct  4 16:32 test.txt
[[email protected] .ssh]$ scp test.txt dbsgururc02:/home/grid/
test.txt                                                                                                                                                              100%    0     0.0KB/s   00:00
[[email protected] .ssh]$ ssh dbsgururc02 ls -lrt /home/grid/test.txt
-rw-r--r--. 1 grid oinstall 0 Oct  4 16:32 /home/grid/test.txt
[[email protected] .ssh]$


Node 2: dbsgururc02

[[email protected] .ssh]$ ssh dbsgururc01 date
Tue Oct  4 16:30:57 IST 2022
[[email protected] .ssh]$ ssh dbsgururc01 date
Tue Oct  4 16:34:34 IST 2022
[[email protected] .ssh]$ touch test1
[[email protected] .ssh]$ ls -lrt test1
-rw-r--r--. 1 grid oinstall 0 Oct  4 16:35 test1
[[email protected] .ssh]$ scp test1 dbsgururc01:/home/grid/
test1                                                                                                                                                                 100%    0     0.0KB/s   00:00
[[email protected] .ssh]$ ssh dbsgururc01 ls -lrt /home/grid/test1
-rw-r--r--. 1 grid oinstall 0 Oct  4 16:36 /home/grid/test1


This document is just for learning purposes and always validate in the LAB environment first before applying it in the LIVE environment.


Hope so you like this article
!
Please share your valuable feedback/comments/subscribe and follow us below and don’t forget to click on the bell icon to get the most recent update. Click here to understand more about our pursuit.

 

Related Articles


Loading

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply

Your email address will not be published. Required fields are marked *