
The Geek Diary

How to configure passwordless ssh in Solaris

By admin

This post details the steps to configure passwordless SSH using RSA public key authentication, in other words passwordless login using a public key. The procedure reduces the number of login prompts needed for secure remote login with Sun Secure Shell (SSH), including SCP (Secure Copy) and SFTP (Secure File Transfer).

Note: The steps are the same for DSA keys, except that the command is “ssh-keygen -t dsa” and the key files are named differently (~/.ssh/id_dsa).

Configuring passwordless ssh

To configure SSH to use an id_rsa key to log in, follow these steps.

1. Generate private and public key pair on the client machine (localhost).

# ssh-keygen -t rsa

ssh-keygen requires a key type (-t). From the ssh-keygen man page:

-t type              Specifies the algorithm  used  for  the key, where type is one of rsa, dsa, and rsa1.

2. This creates two new files (the private and public RSA keys) under $HOME/.ssh/ of the user who ran the command.

id_rsa ( Private Key)
id_rsa.pub ( Public Key)

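3. After generating the RSA key, copy the public key (id_rsa.pub) to the remote host and append it to the $HOME/.ssh/authorized_keys file in the user's home directory there. For example, root can transfer the file to the remote user using ssh or scp. The ssh form appends the key in one step; the scp form only copies the file, which must then be appended to authorized_keys on the remote host.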

# cat ~/.ssh/id_rsa.pub | ssh remotehost 'cat >>~/.ssh/authorized_keys && echo "Host Key Copied"'

-or-

# scp $HOME/.ssh/id_rsa.pub remotehost:$HOME/.ssh/id_rsa.pub.copy

4. Verify that everything works by logging in to the remote system without a password. You can also view the public RSA key in the authorized_keys file on the remote host.

# ssh remotehost
# cd $HOME/.ssh
# cat authorized_keys

Troubleshooting

If you have followed the steps above and are still prompted for a password, work through the checklist below to troubleshoot the issue.

1. The key must appear in the authorized_keys file as a single unbroken line when viewed in vi command mode with “set list”. In that mode, line ends (carriage returns) appear as “$” characters, so a “$” in the middle of the key string means the key has been split. You can edit the line containing the key if it is not in the correct format.

2. If you get the password prompt instead, check that the permission of /export/home (assuming the home directory is /export/home/[userid]) is 755, that is, world readable. This setting is necessary because, before reading the $HOME/.ssh/authorized_keys file, sshd on the remote host must seteuid to the login id. For that to work, /export/home needs to be world readable.

3. Check whether the file $HOME/.ssh/authorized_keys is world-writeable, as shown here for the user “user01”. With StrictModes set to yes, sshd ignores an authorized_keys file that other users are able to modify, and the login falls back to a password prompt:

$ pwd
/export/home/user01/.ssh 
$ ls -la 
total 14 
drwxrwxrwx 2 user01 staff 512 Jun 11 15:41 . 
drwxrwxrwx 4 user01 staff 512 Jun 11 15:14 .. 
-rwxrwxrwx 1 user01 other 223 Jun 11 14:06 authorized_keys 
-rw-r--r-- 1 user01 user01 24 Jun 11 15:14 config 
-rw------- 1 user01 other 951 Jun 11 15:35 id_rsa 
-rw-r--r-- 1 user01 other 228 Jun 11 15:35 id_rsa.pub 
-rw-r--r-- 1 user01 other 231 Jun 11 15:47 known_hosts

To override this behaviour, change the “StrictModes” entry in the /etc/ssh/sshd_config file from “yes” (the default) to “no”:

# grep StrictModes /etc/ssh/sshd_config 
StrictModes yes

Restart the sshd service after this.

For Solaris 9

# /etc/init.d/ssh stop 
# /etc/init.d/ssh start

For Solaris 10

# svcadm refresh ssh

4. Check the file /etc/ssh/sshd_config to see whether either of the parameters below has been changed from its default setting (yes) to “no”.

- PubkeyAuthentication
- RSAAuthentication

5. The final step is to debug the ssh session. This helps you follow the connection stream and shows where it fails. Look for the string: “Next authentication method: publickey”.

# ssh -v -v -v user@hostname
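
Checklist items 1 to 3 can be scripted. The following is an added example, not part of the original post: it flags the group- or world-writable paths that StrictModes rejects, flags a key that has been wrapped onto a second line, and tightens the modes so that StrictModes can stay at “yes”. The function names are hypothetical, and the home directory and key material are constructed to mirror the listing in item 3.

```shell
# Added example for troubleshooting items 1-3. Function names are hypothetical;
# the sample home and key text are constructed. Only rsa/dsa key types are recognised.

# Print the path if group or others may write to it, which StrictModes rejects.
loose_mode() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Print numbers of lines that hold no "type base64" pair; a key wrapped over
# several lines shows up as such a line. Blank and comment lines are skipped.
broken_key_lines() {
    awk '/^ *(#|$)/ { next }
         $0 !~ /(ssh-rsa|ssh-dss) AAAA/ { print NR }' "$1"
}

# Audit one home directory; prints findings, returns 1 if any were found.
audit_pubkey_login() {
    ak="$1/.ssh/authorized_keys"; rc=0
    [ -f "$ak" ] || { echo "MISSING $ak"; return 1; }
    for p in "$1" "$1/.ssh" "$ak"; do
        if [ -n "$(loose_mode "$p")" ]; then echo "WRITABLE-BY-OTHERS $p"; rc=1; fi
    done
    for n in $(broken_key_lines "$ak"); do echo "BROKEN-KEY-LINE $n"; rc=1; done
    return $rc
}

# Fix the modes instead of switching StrictModes off.
tighten_modes() {
    chmod go-w "$1" && chmod 700 "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
}

# Constructed home directory with the 777 modes from the listing and a wrapped key.
make_sample_home() {
    d=$(mktemp -d) && mkdir "$d/.ssh" || return 1
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB' \
        'AAAAgQC7CONSTRUCTEDKEYDATA user01@client' > "$d/.ssh/authorized_keys"
    chmod 777 "$d" "$d/.ssh" "$d/.ssh/authorized_keys"
    echo "$d"
}

demo() {
    h=$(make_sample_home) || return 1
    echo "before:"; audit_pubkey_login "$h" || true
    tighten_modes "$h"
    echo "after chmod:"; audit_pubkey_login "$h" || true
    rm -rf "$h"
}
demo
```

After the chmod only the wrapped-key finding remains, which shows that items 1 and 3 are independent causes of the same password prompt.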
© 2021 · The Geek Diary