This blog is intended to collect information on my various interests and to pen my opinion on the information gathered. It is not intended to educate anyone on the information posted, but readers are most welcome to share their views on it.
Saturday, August 14, 2010
Configuring Passwordless SSH
For any cluster configuration, the first requirement is to configure passwordless SSH (key-based authentication) for root and the application user. Many system administrators know the steps but often spend a lot of time troubleshooting because they missed one or two small steps. I have put together the required steps to configure passwordless SSH, along with a couple of troubleshooting steps.
Configuring Passwordless SSH
Follow the steps below to configure password-less ssh. In this example I am configuring password-less ssh between two servers, for the pwssh user on the vcsnode1 server and the vcsuser user on the vcsnode2 server.
1. Enable key-based authentication in the SSH configuration file and restart the sshd daemon.
2. Log in to either server as the user for which you want to configure password-less ssh.
3. Generate a key (RSA or DSA) using the following command. You can choose either type of key. RSA stands for Rivest, Shamir and Adleman, who first publicly described it. It is the first algorithm known to be suitable for signing as well as encryption. DSA stands for Digital Signature Algorithm. It is a United States Federal Government standard (FIPS) for digital signatures. For more details on RSA and DSA please visit the URLs below.
Note: Make sure you do not provide a passphrase. If you provide one, you will have to enter it each time you connect to the server through ssh (as good as providing the password).
4. Generating the key creates two files in the $HOME/.ssh folder for the user, as given below.
6. Log in to the remote host (vcsnode2 in this case) and copy the public key to the authorized_keys file in the $HOME/.ssh folder of the target user on the remote host (the home directory of the vcsuser user on the vcsnode2 server in this case).
8. Check whether password-less ssh is working by executing the following command.
[pwssh@vcsnode1 .ssh]$ ssh vcsuser@vcsnode2 date
Fri Jan 22 21:16:27 IST 2010
Troubleshooting Password-Less SSH
If ssh still asks for a password when connecting to the remote host after you have performed all the above steps, check the following.
1. Key-based authentication must be enabled in the SSH configuration file (for OpenSSH, the config file is /etc/ssh/sshd_config).
2. Permissions of the $HOME/.ssh folder (the .ssh folder in the user's home directory) should be 700 (drwx------)
3. Permissions on authorized_keys file in $HOME/.ssh folder should be 740
4. Permissions on id_dsa or id_rsa (depending upon the algorithm type used) file in $HOME/.ssh folder should be 600
5. Permissions on id_dsa.pub or id_rsa.pub file in $HOME/.ssh folder should be 640
6. Permissions on known_hosts files in $HOME/.ssh folder should be 640.
7. Make sure the $HOME/.ssh folder and all the above-mentioned files in it have the correct ownership (for example, if you logged in as the pwssh user, the ownership of the .ssh folder and all the files inside it should be pwssh:pwssh).
If you find any discrepancies in your configuration, correct them and you should be able to access the remote server without a password.
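The permission and ownership items in the troubleshooting list can be checked mechanically. The following is an added example, not part of the original post: the function names audit_ssh_dir and check_path are chosen here, the script assumes GNU stat on Linux, and it treats the modes listed above as upper bounds, so a stricter mode passes.

```shell
#!/bin/sh
# Audit an .ssh directory against the permission checklist above.
# Assumption: GNU coreutils stat (Linux). Mode values are the ones the post lists.
# Usage: audit_ssh_dir "$HOME/.ssh"          (current user)
#        audit_ssh_dir /home/vcsuser/.ssh vcsuser

# check_path PATH MAX_MODE UID: print a finding and return 1 when PATH carries
# permission bits outside MAX_MODE or is not owned by UID. Missing files pass.
check_path() {
    [ -e "$1" ] || return 0
    mode=$(stat -c '%a' "$1")
    owner=$(stat -c '%u' "$1")
    rc=0
    # Bits set in the actual mode but absent from the allowed mode.
    extra=$(( 0$mode & ~0$2 & 0777 ))
    if [ "$extra" -ne 0 ]; then
        echo "MODE  $1 is $mode, expected at most $2"
        rc=1
    fi
    if [ "$owner" != "$3" ]; then
        echo "OWNER $1 has uid $owner, expected $3"
        rc=1
    fi
    return $rc
}

# audit_ssh_dir DIR [USER]: 0 = all checks pass, 1 = findings, 2 = cannot audit.
audit_ssh_dir() {
    dir=$1
    uid=$(id -u ${2:+"$2"}) || return 2
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    bad=0
    check_path "$dir" 700 "$uid" || bad=1
    check_path "$dir/authorized_keys" 740 "$uid" || bad=1
    for key in id_rsa id_dsa; do
        check_path "$dir/$key" 600 "$uid" || bad=1
        check_path "$dir/$key.pub" 640 "$uid" || bad=1
    done
    check_path "$dir/known_hosts" 640 "$uid" || bad=1
    return $bad
}
```

Run it as the affected user on both the client and the remote host; each MODE or OWNER line names the file to fix with chmod or chown.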