このコンテンツは選択した言語では利用できません。

Chapter 4. Configure key based SSH authentication without a password


Configure key-based SSH authentication without a password for the root user from the host, to the FQDNs of both storage and management interfaces on the same host.

4.1. Adding known hosts to the first host

When you use SSH to log in to a host from a system that is not already known to the host, you are prompted to add that system as a known host.

  1. Log in to the first hyperconverged host as the root user.
  2. Perform the following steps for each host in the cluster, including the first host.

    1. Use SSH to log in to a host as the root user.

      [root@server1]# ssh root@server1.example.com
    2. Enter yes to continue connecting.

      [root@server1]# ssh root@server2.example.com
      The authenticity of host 'server2.example.com (192.51.100.28)' can't be established.
      ECDSA key fingerprint is SHA256:Td8KqgVIPXdTIasdfa2xRwn3/asdBasdpnaGM.
      Are you sure you want to continue connecting (yes/no)?

      This automatically adds the host key of the first host to the known_hosts file on the target host.

      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added '192.51.100.28' (ECDSA) to the list of known hosts.
    3. Enter the password for the root user on the target host to complete the login process.

      root@server2.example.com's password: ***************
      Last login: Mon May 27 10:04:49 2019
      [root@server2]#
    4. Log out of the host.

      [root@server2]# exit
      [root@server1]#
      Note

      When you log out of the SSH session from the first host to itself, the user and server in the command line prompt stay the same; it is only the session that changes.

      [root@server1]# exit
      [root@server1]#

4.2. Generating SSH key pairs without a password

Generating a public/private key pair lets you use key-based SSH authentication. Generating a key pair that does not use a password makes it simpler to use Ansible to automate deployment and configuration processes.

Procedure

  1. Log in to the first hyperconverged host as the root user.
  2. Generate an SSH key that does not use a password.

    1. Start the key generation process.

      # ssh-keygen -t rsa
      Generating public/private rsa key pair.
    2. Enter a location for the key.

      The default location, shown in parentheses, is used if no other input is provided.

      Enter file in which to save the key (/home/username/.ssh/id_rsa): <location>/<keyname>
    3. Specify and confirm an empty passphrase by pressing Enter twice.

      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:

      The private key is saved in <location>/<keyname>. The public key is saved in <location>/<keyname>.pub.

      Your identification has been saved in <location>/<keyname>.
      Your public key has been saved in <location>/<keyname>.pub.
      The key fingerprint is SHA256:8BhZageKrLXM99z5f/AM9aPo/KAUd8ZZFPcPFWqK6+M root@server1.example.com
      The key's randomart image is:
      +---[ECDSA 256]---+
      |      . .      +=|
      | . . . =      o.o|
      |  + . * .    o...|
      | = . . *  . + +..|
      |. + . . So o * ..|
      |   . o . .+ =  ..|
      |      o oo ..=. .|
      |        ooo...+  |
      |        .E++oo   |
      +----[SHA256]-----+
      Warning

      Your identification in this output is your private key. Never share your private key. Possession of your private key allows someone else to impersonate you on any system that has your public key.

4.3. Copying SSH keys

To access a host using your private key, that host needs a copy of your public key.

Prerequisites

  • Generate a public/private key pair.
  • SSH access from the root user on the host to all storage and management interfaces on the same host, using both IP addresses and FQDNs.

Procedure

  1. Log in to the first host as the root user.
  2. Copy your public key to the host that you want to access.

    # ssh-copy-id -i <location>/<keyname>.pub <user>@<hostname>

    Enter the password for <user>@<hostname> if prompted.

    Warning

    Make sure that you use the file that ends in .pub. Never share your private key. Possession of your private key allows someone else to impersonate you on any system that has your public key.

Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.