on 03-18-2011 03:46 AM
Today we will configure SSH for Sun OS and RHEL. If you do not want the installer to keep asking for the passwords of the remote machines during installation of Veritas Storage Foundation HA version 5 (or similar), configure SSH between the two machines.
Note: We performed the activity below on SunOS 5.9, RHEL 4.1 and RHEL 5 update 3.
Configure SSH on Sun OS
Suppose you have a two-node Sun Solaris 9 environment, as described below.
Environment
Sun OS on both machines = 5.9
Machine name = sunbox1
IP of sunbox1 = 192.168.253.51
Machine name = sunbox2
IP of sunbox2 = 192.168.253.52
Steps to configure the SSH
1.) Add the entry of PermitRootLogin on both machines.
2.) Run the ssh-keygen -t rsa on both machines.
3.) View the created ssh directory and its contents on both machines.
4.) Export the result of id_rsa.pub to the file name authorized_keys2 on both machines.
5.) View/verify that the authorized_keys2 contents are created on both machines.
6.) Add the authorized_keys2 contents to the other machine (append, do not replace)
7.) View/Verify the updated data of authorized_keys2 file under /.ssh directory on both machines
8.) Restart the SSH service on both machines
9.) Some helpful things
1.) "Add the entry of PermitRootLogin on both machines"
a.) Check whether the PermitRootLogin entry is yes or no
# cat /etc/ssh/sshd_config | grep PermitRootLogin
b.) If PermitRootLogin is no, change it to yes
PermitRootLogin yes
c.) Restart the sshd service
#/etc/init.d/sshd restart
2.) "Run the ssh-keygen -t rsa on both machines"
Machine name = sunbox1
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
f7:9c:40:6c:b2:c8:e9:47:d7:79:8d:12:30:a0:2e:9f root@sunbox1
Machine name = sunbox2
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
2f:f4:72:f2:44:61:08:60:6f:8e:c3:b6:6c:c7:ba:39 root@sunbox2
3.) "View the created ssh directory and its contents on both machines"
bash-2.05# cd /.ssh
bash-2.05# ls -l
total 4
-rw------- 1 root other 887 Jan 2 10:42 id_rsa
-rw-r--r-- 1 root other 222 Jan 2 10:42 id_rsa.pub
4.) "Export the result of id_rsa.pub to the file name authorized_keys2"
bash-2.05# pwd
/.ssh
bash-2.05# cat id_rsa.pub >> authorized_keys2
bash-2.05# ls -l
total 6
-rw-r--r-- 1 root other 222 Jan 2 10:48 authorized_keys2
-rw------- 1 root other 887 Jan 2 10:42 id_rsa
-rw-r--r-- 1 root other 222 Jan 2 10:42 id_rsa.pub
5.) "View/verify that the authorized_keys2 contents are created on both machines"
Content of sunbox1 machine
# cat /.ssh/authorized_keys2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAkvcRdf0v+xXvLKT3vVPiNkjaKO6QB7mLzBxYSmdQQE9ybgIZS5VcfxgjlncNz3aEk4MdhJ5bdIBaG8ZVGc7BsEUZ2OIAs1Exdq/La8P495MWyA23glRIXguPi1Zozbqn5WQJL+Tlwt9EyK4G4MtrhquAqsz4iicmldmEQhKO0rs= root@sunbox1
Content of sunbox2 machine
# cat /.ssh/authorized_keys2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1I2p31eEmHs2HhlprFPgoY0j3OGr7RUgFTYqudN7HT8NbqSdp7M4zpqwBDSutxlTXzjoUO8fodh8n+VX4/pIK/sJnrGitcoQH4yxxL32mMYF7Zl/0V24mFmyAA4O2VzlRdT2f9si6Dv3+6QvcyVqL9uJxBmpHAellj6ojpyfJ+k= root@sunbox2
6.) "Add the authorized_keys2 contents to the other machine (append, do not replace)"
For this purpose, we first copy the sunbox1 file to sunbox2 and the sunbox2 file to sunbox1:
Activity of sunbox1
# scp authorized_keys2 root@192.168.253.52:/home
Password:
authorized_keys2 100% |***************************| 222 00:00
Activity of sunbox2
# scp authorized_keys2 root@192.168.253.51:/home
Password:
authorized_keys2 100% |***************************| 222 00:00
Now append the content of the sunbox1 file "authorized_keys2" (located under /home) to the sunbox2 file "authorized_keys2" (located under /.ssh)
AND
append the content of the sunbox2 file "authorized_keys2" (located under /home) to the sunbox1 file "authorized_keys2" (located under /.ssh)
Activity of sunbox1
# cat /home/authorized_keys2 >> /.ssh/authorized_keys2
Activity of sunbox2
# cat /home/authorized_keys2 >> /.ssh/authorized_keys2
7.) "View/Verify the updated data of authorized_keys2 file under /.ssh directory on both machines"
Activity of sunbox1
# cat /.ssh/authorized_keys2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAkvcRdf0v+xXvLKT3vVPiNkjaKO6QB7mLzBxYSmdQQE9ybgIZS5VcfxgjlncNz3aEk4MdhJ5bdIBaG8ZVGc7BsEUZ2OIAs1Exdq/La8P495MWyA23glRIXguPi1Zozbqn5WQJL+Tlwt9EyK4G4MtrhquAqsz4iicmldmEQhKO0rs= root@sunbox1
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1I2p31eEmHs2HhlprFPgoY0j3OGr7RUgFTYqudN7HT8NbqSdp7M4zpqwBDSutxlTXzjoUO8fodh8n+VX4/pIK/sJnrGitcoQH4yxxL32mMYF7Zl/0V24mFmyAA4O2VzlRdT2f9si6Dv3+6QvcyVqL9uJxBmpHAellj6ojpyfJ+k= root@sunbox2
Activity of sunbox2
# cat /.ssh/authorized_keys2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1I2p31eEmHs2HhlprFPgoY0j3OGr7RUgFTYqudN7HT8NbqSdp7M4zpqwBDSutxlTXzjoUO8fodh8n+VX4/pIK/sJnrGitcoQH4yxxL32mMYF7Zl/0V24mFmyAA4O2VzlRdT2f9si6Dv3+6QvcyVqL9uJxBmpHAellj6ojpyfJ+k= root@sunbox2
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAkvcRdf0v+xXvLKT3vVPiNkjaKO6QB7mLzBxYSmdQQE9ybgIZS5VcfxgjlncNz3aEk4MdhJ5bdIBaG8ZVGc7BsEUZ2OIAs1Exdq/La8P495MWyA23glRIXguPi1Zozbqn5WQJL+Tlwt9EyK4G4MtrhquAqsz4iicmldmEQhKO0rs= root@sunbox1
8.) "Restart the SSH service on both machines"
# /etc/init.d/sshd restart
9.) "Some helpful things"
You may see the error below while establishing the SSH session
# ssh root@192.168.253.51
unable to initialize mechanism library [/usr/lib/gss/gl/mech_krb5.so]
Resolution
Add the entry below to /etc/ssh/ssh_config on both machines
GSSAPIKeyExchange no
Configure SSH on RHEL
"Suppose you have a two-node RHEL environment"
Do the same as you did on Sun OS, except step 1, in which you defined the PermitRootLogin entry in the /etc/ssh/sshd_config file.
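Steps 4 to 7 as a re-runnable shell function, added here as an example and not part of the original article: it appends a peer's public key only when that key is not already present, skips malformed lines, and keeps the key file readable by its owner only. The helper name merge_authorized_keys and the key blobs in the demo are constructed for illustration.

```shell
#!/bin/sh
# merge_authorized_keys PEER_FILE AUTH_FILE  (hypothetical helper name)
# Appends each well-formed public key line of PEER_FILE to AUTH_FILE unless
# the same key blob is already there. Prints the number of keys added.
merge_authorized_keys() {
    peer=$1
    auth=$2
    added=0
    dir=$(dirname "$auth")
    # Create the key directory private to its owner; an existing one is left alone.
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 1
    [ -f "$auth" ] || : > "$auth" || return 1
    # "|| [ -n ... ]" also handles a last line without a trailing newline.
    while read -r ktype blob comment || [ -n "$ktype" ]; do
        case $ktype in ''|'#'*) continue ;; esac              # blank or comment
        case $ktype in ssh-rsa|ssh-dss) ;; *) continue ;; esac
        case $blob in ''|*[!A-Za-z0-9+/=]*) continue ;; esac  # not base64
        # Compare on the blob (field 2) as a string, so the same key with a
        # different comment is not added twice.
        if awk -v b="$blob" '($2 "") == (b "") { f = 1 } END { exit !f }' "$auth"
        then
            continue
        fi
        printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}" >> "$auth"
        added=$((added + 1))
    done < "$peer"
    chmod 600 "$auth"
    echo "$added"
}

# Demo in a temp directory with constructed placeholder blobs (not real keys).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAc3VuYm94MQ== root@sunbox1\n' > "$demo/sunbox1.pub"
printf 'ssh-rsa AAAAc3VuYm94Mg== root@sunbox2\n' > "$demo/sunbox2.pub"
merge_authorized_keys "$demo/sunbox1.pub" "$demo/.ssh/authorized_keys2"  # prints 1
merge_authorized_keys "$demo/sunbox2.pub" "$demo/.ssh/authorized_keys2"  # prints 1
merge_authorized_keys "$demo/sunbox2.pub" "$demo/.ssh/authorized_keys2"  # prints 0
```

On the hosts in this article, AUTH_FILE would be /.ssh/authorized_keys2 and PEER_FILE the copy that scp placed under /home.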