Chapter 3. Configure Public Key based SSH Authentication without a password

1. Log in to the first hyperconverged host as the root user.

2. Perform the following steps for each host in the cluster, including the first host.

   1. Use SSH to log in to a host as the root user.

      [root@server1]# ssh root@server1.example.com

      Copy to Clipboard Toggle word wrap

   2. Enter yes to continue connecting.

      [root@server1]# ssh root@server2.example.com
      The authenticity of host 'server2.example.com (192.51.100.28)' can't be established.
      ECDSA key fingerprint is SHA256:Td8KqgVIPXdTIasdfa2xRwn3/asdBasdpnaGM.
      Are you sure you want to continue connecting (yes/no)?

      Copy to Clipboard Toggle word wrap

      This automatically adds the host key of the first host to the known_hosts file on the target host.

      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added '192.51.100.28' (ECDSA) to the list of known hosts.

      Copy to Clipboard Toggle word wrap

   3. Enter the password for the root user on the target host to complete the login process.

      root@server2.example.com's password: ***************
      Last login: Mon May 27 10:04:49 2019
      [root@server2]#

      Copy to Clipboard Toggle word wrap

   4. Log out of the host.

      [root@server2]# exit
      [root@server1]#

      Copy to Clipboard Toggle word wrap
      Note

      When you log out of the SSH session from the first host to itself, the user and server in the command line prompt stay the same; it is only the session that changes.

      [root@server1]# exit
      [root@server1]#

      Copy to Clipboard Toggle word wrap

Procedure

1. Log in to the first hyperconverged host as the root user.

2. Generate an SSH key that does not use a password.

   1. Start the key generation process.

      # ssh-keygen -t rsa
      Generating public/private rsa key pair.

      Copy to Clipboard Toggle word wrap

   2. Enter a location for the key.

      The default location, shown in parentheses, is used if no other input is provided.

      Enter file in which to save the key (/home/username/.ssh/id_rsa): <location>/<keyname>

      Copy to Clipboard Toggle word wrap

   3. Specify and confirm an empty passphrase by pressing Enter twice.

      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:

      Copy to Clipboard Toggle word wrap

      The private key is saved in <location>/<keyname>. The public key is saved in <location>/<keyname>.pub.

      Your identification has been saved in <location>/<keyname>.
      Your public key has been saved in <location>/<keyname>.pub.
      The key fingerprint is SHA256:8BhZageKrLXM99z5f/AM9aPo/KAUd8ZZFPcPFWqK6+M root@server1.example.com
      The key's randomart image is:
      +---[ECDSA 256]---+
      |      . .      +=|
      | . . . =      o.o|
      |  + . * .    o...|
      | = . . *  . + +..|
      |. + . . So o * ..|
      |   . o . .+ =  ..|
      |      o oo ..=. .|
      |        ooo...+  |
      |        .E++oo   |
      +----[SHA256]-----+

      Copy to Clipboard Toggle word wrap
      Warning

      Your identification in this output is your private key. Never share your private key. Possession of your private key allows someone else to impersonate you on any system that has your public key.

Procedure

1. Log in to the first host as the root user.

2. Copy your public key to the host that you want to access.

   # ssh-copy-id -i <location>/<keyname>.pub <user>@<hostname>

   Copy to Clipboard Toggle word wrap

   Enter the password for <user>@<hostname> if prompted.

   Warning

   Make sure that you use the file that ends in .pub. Never share your private key. Possession of your private key allows someone else to impersonate you on any system that has your public key.