How to configure SSH for Sun OS and RHEL

Posted on July 15, 2011

Today we will configure SSH between two machines running Sun OS or RHEL. If you do not want the installer to ask for the password of the remote machines again and again while installing Veritas Storage Foundation HA (version 5, for example), configure SSH between those two machines first.

Note: We performed the steps below on Sun OS 5.9, RHEL 4.1 and RHEL 5 update 3.

Configure SSH on Sun OS

Suppose you have a two-node Sun Solaris 9 environment with the details below.

Environment

Sun OS on both machines = 5.9
Machine name = sunbox1
IP of sunbox1 = 192.168.253.51
Machine name = sunbox2
IP of sunbox2 = 192.168.253.52

Steps to configure the SSH
1.) Add the entry of PermitRootLogin on both machines.
2.) Run the ssh-keygen -t rsa on both machines.
3.) View the created ssh directory and its contents on both machines.
4.) Export the result of id_rsa.pub to the file name authorized_keys2 on both machines.
5.) View/Verify that the authorized_keys2 file has been created on both machines.
6.) Add each machine's authorized_keys2 contents to the other machine (append, do not replace)
7.) View/Verify the updated data of authorized_keys2 file under /.ssh directory on both machines
8.) Restart the SSH service on both machines
9.) Some helpful things

1.) Add the entry of PermitRootLogin on both machines

a.) Check whether the PermitRootLogin entry is yes or no

# cat /etc/ssh/sshd_config | grep PermitRootLogin

b.) If PermitRootLogin is no, change it to yes

PermitRootLogin yes

c.) Restart the sshd service

# /etc/init.d/sshd restart

2.) Run the ssh-keygen -t rsa on both machines

Machine name = sunbox1
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
f7:9c:40:6c:b2:c8:e9:47:d7:79:8d:12:30:a0:2e:9f root@sunbox1

Machine name = sunbox2
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
2f:f4:72:f2:44:61:08:60:6f:8e:c3:b6:6c:c7:ba:39 root@sunbox2

3.) View the created ssh directory and its contents on both machines

bash-2.05# cd /.ssh
bash-2.05# ls -l
total 4
-rw-------   1 root     other        887 Jan  2 10:42 id_rsa
-rw-r--r--   1 root     other        222 Jan  2 10:42 id_rsa.pub

4.) Export the result of id_rsa.pub to the file name authorized_keys2

bash-2.05# pwd
/.ssh
bash-2.05# cat id_rsa.pub >> authorized_keys2
bash-2.05# ls -l
total 6
-rw-r--r--   1 root     other        222 Jan  2 10:48 authorized_keys2
-rw-------   1 root     other        887 Jan  2 10:42 id_rsa
-rw-r--r--   1 root     other        222 Jan  2 10:42 id_rsa.pub

5.) View/Verify that the authorized_keys2 file has been created on both machines

Content of sunbox1 machine

# cat /.ssh/authorized_keys2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAkvcRdf0v+xXvLKT3vVPiNkjaKO6QB7mLzBxYSmdQQE9ybgIZS5VcfxgjlncNz3aEk4MdhJ5bdIBaG8ZVGc7BsEUZ2OIAs1Exdq/La8P495MWyA23glRIXguPi1Zozbqn5WQJL+Tlwt9EyK4G4MtrhquAqsz4iicmldmEQhKO0rs= root@sunbox1

Content of sunbox2 machine

# cat /.ssh/authorized_keys2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1I2p31eEmHs2HhlprFPgoY0j3OGr7RUgFTYqudN7HT8NbqSdp7M4zpqwBDSutxlTXzjoUO8fodh8n+VX4/pIK/sJnrGitcoQH4yxxL32mMYF7Zl/0V24mFmyAA4O2VzlRdT2f9si6Dv3+6QvcyVqL9uJxBmpHAellj6ojpyfJ+k= root@sunbox2

6.) Add each machine's authorized_keys2 contents to the other machine (append, do not replace)

For this purpose we first copy the sunbox1 file to sunbox2 and the sunbox2 file to sunbox1:

Activity of sunbox1

# scp authorized_keys2 root@192.168.253.52:/home
Password:
authorized_keys2     100% |***************************|   222       00:00

Activity of sunbox2

# scp authorized_keys2 root@192.168.253.51:/home
Password:
authorized_keys2     100% |***************************|   222       00:00

Now append the contents of the sunbox1 file "authorized_keys2" (copied to /home on sunbox2) to the sunbox2 file "authorized_keys2" (located under /.ssh),
and
append the contents of the sunbox2 file "authorized_keys2" (copied to /home on sunbox1) to the sunbox1 file "authorized_keys2" (located under /.ssh).

Activity of sunbox1

# cat /home/authorized_keys2 >> /.ssh/authorized_keys2

Activity of sunbox2

# cat /home/authorized_keys2 >> /.ssh/authorized_keys2

7.) View/Verify the updated data of authorized_keys2 file under /.ssh directory on both machines

Activity of sunbox1

# cat /.ssh/authorized_keys2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAkvcRdf0v+xXvLKT3vVPiNkjaKO6QB7mLzBxYSmdQQE9ybgIZS5VcfxgjlncNz3aEk4MdhJ5bdIBaG8ZVGc7BsEUZ2OIAs1Exdq/La8P495MWyA23glRIXguPi1Zozbqn5WQJL+Tlwt9EyK4G4MtrhquAqsz4iicmldmEQhKO0rs= root@sunbox1
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1I2p31eEmHs2HhlprFPgoY0j3OGr7RUgFTYqudN7HT8NbqSdp7M4zpqwBDSutxlTXzjoUO8fodh8n+VX4/pIK/sJnrGitcoQH4yxxL32mMYF7Zl/0V24mFmyAA4O2VzlRdT2f9si6Dv3+6QvcyVqL9uJxBmpHAellj6ojpyfJ+k= root@sunbox2

Activity of sunbox2

# cat /.ssh/authorized_keys2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1I2p31eEmHs2HhlprFPgoY0j3OGr7RUgFTYqudN7HT8NbqSdp7M4zpqwBDSutxlTXzjoUO8fodh8n+VX4/pIK/sJnrGitcoQH4yxxL32mMYF7Zl/0V24mFmyAA4O2VzlRdT2f9si6Dv3+6QvcyVqL9uJxBmpHAellj6ojpyfJ+k= root@sunbox2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAkvcRdf0v+xXvLKT3vVPiNkjaKO6QB7mLzBxYSmdQQE9ybgIZS5VcfxgjlncNz3aEk4MdhJ5bdIBaG8ZVGc7BsEUZ2OIAs1Exdq/La8P495MWyA23glRIXguPi1Zozbqn5WQJL+Tlwt9EyK4G4MtrhquAqsz4iicmldmEQhKO0rs= root@sunbox1

8.) Restart the SSH service on both machines
# /etc/init.d/sshd restart

9.) Some helpful things
You may see the error below while establishing the SSH session

# ssh root@192.168.253.51
unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]

Resolution

Add the entry below to /etc/ssh/ssh_config on both machines

GSSAPIKeyExchange no
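
Step 6 appends with >>, so repeating it leaves duplicate key lines in authorized_keys2, and the procedure never checks file modes. The script below is an added example, not part of the original post: it merges a peer's key file only when the key is not already present and checks that the result is not group- or world-writable. It assumes bash or a POSIX sh with a POSIX awk (nawk on Solaris 9); the function names and the sample key blobs are made up for illustration.

```shell
#!/bin/sh
# Added example: idempotent form of step 6 plus a permission check.
# Assumes key lines look like "type blob [comment]", as ssh-keygen writes them.

# merge_keys SRC DEST: append each public key in SRC to DEST unless the same
# key blob (field 2) is already there. Prints how many keys were added.
merge_keys() {
    src=$1; dest=$2; added=0
    dir=$(dirname "$dest")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$dest" && chmod 600 "$dest"
    while read -r ktype blob comment || [ -n "$ktype" ]; do
        case $ktype in ''|'#'*) continue ;; esac      # blank line or comment
        [ -n "$blob" ] || continue                     # not a key line
        # Compare on the blob only, so a different comment is still a duplicate
        if ! awk -v b="$blob" '$2 == b { f = 1 } END { exit !f }' "$dest"; then
            printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}" >> "$dest"
            added=$((added + 1))
        fi
    done < "$src"
    echo "$added"
}

# perms_ok PATH: succeed only if PATH is not group- or world-writable
# (sshd with StrictModes enabled refuses a key file that is).
perms_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in ?????w*|????????w*) return 1 ;; *) return 0 ;; esac
}

# Demo on constructed data in a temp dir (placeholder blobs, not real keys).
demo() {
    t=$(mktemp -d)
    echo 'ssh-rsa AAAAB3ExampleBlobOne= root@sunbox1' > "$t/local.pub"
    echo 'ssh-rsa AAAAB3ExampleBlobTwo= root@sunbox2' > "$t/peer.pub"
    first=$(merge_keys "$t/local.pub" "$t/.ssh/authorized_keys2")
    second=$(merge_keys "$t/peer.pub" "$t/.ssh/authorized_keys2")
    again=$(merge_keys "$t/peer.pub" "$t/.ssh/authorized_keys2")  # re-run adds nothing
    perms_ok "$t/.ssh/authorized_keys2" && state=ok || state=bad
    echo "$first $second $again $(wc -l < "$t/.ssh/authorized_keys2" | tr -d ' ') $state"
    rm -rf "$t"
}
demo
```

On the real machines the call would be merge_keys /home/authorized_keys2 /.ssh/authorized_keys2, using the paths from step 6.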

Configure SSH on RHEL

Suppose you have a two-node RHEL environment.

Follow the same steps as on Sun OS, except step 1, in which you set the PermitRootLogin entry in the /etc/ssh/sshd_config file.

Posted in: SFHA / VCS