Question & Answer
How do I create password-less login for SSH on an IBM Netezza 1000 system?
Note: This article, which describes how to set up an SSH login that does not use passwords, applies to RHEL5.
SSH is ideal for managing remote systems because of its password-less option that uses keys instead of passwords, keeping system passwords safe. This article uses ssh-copy-id, a utility that greatly simplifies the procedure by copying the local host’s public key to the remote host’s authorized keys file and by verifying file permissions and ownership.
The following procedure configures password-less SSH:
1. Start by generating a key pair. A key pair includes a .pub (public key) that you share with remote computers and a private key that you never share.
ssh-keygen -t rsa
Note: When you generate these keys, do not enter a passphrase.
The following is an example of the command and subsequent prompt:
[root@cae .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/my_id
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/my_id.
Your public key has been saved in /root/.ssh/my_id.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
|...o . . |
|..o.. . o |
| . ...oo E |
| . ooo.S |
| + o.. |
| .. . |
| . o.. |
| .+* |
You have new mail in /var/spool/mail/root
2. Navigate to the directory in which you created the keys and verify that the process succeeded. The following is a continuation of the example.
[root@cae .ssh]#cd /root/.ssh/
[root@cae .ssh]# ls
id_dsa identity id_rsa jlan my_id test
id_dsa.pub identity.pub id_rsa.pub known_hosts my_id.pub test.pub
3. Copy the public key to the destination system. That is, copy it to the system that you want password-less SSH access to, which in this example is tf2.
[root@cae .ssh]# ssh-copy-id -i my_id.pub root@tf2
4. You should now be able to login into the remote machine without a password. For example:
[root@cae .ssh]# ssh tf2
Last login: Sat Oct 2 11:37:55 2010 from cae.netezza.com [root@NZ80518-H2 ~]#
If the public key is disabled, check the configuration file named /etc/ssh/sshd on the target computer for the following settings:
If not already set, file permissions for ~.ssh need to be set to 700 as follows:
# chmod 700 .ssh
If you are using an unsupported key type, generate a DSA key in Step 1 instead of an RSA key.
ssh-keygen -t dsa
17 October 2019