IBM Support

Configuring an SSH login without password

Question & Answer


Question

How do I create password-less login for SSH on an IBM Netezza 1000 system?

Answer

Note: This article, which describes how to set up an SSH login that does not use passwords, applies to RHEL5.

SSH is ideal for managing remote systems because of its password-less option that uses keys instead of passwords, keeping system passwords safe. This article uses ssh-copy-id, a utility that greatly simplifies the procedure by copying the local host’s public key to the remote host’s authorized keys file and by verifying file permissions and ownership.

The following procedure configures password-less SSH:


1. Start by generating a key pair. A key pair includes a .pub (public key) that you share with remote computers and a private key that you never share.

ssh-keygen -t rsa

Note: When you generate these keys, do not enter a passphrase.

The following is an example of the command and subsequent prompt:


[root@cae .ssh]# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/my_id 
Enter passphrase (empty for no passphrase):

Enter same passphrase again:
Your identification has been saved in /root/.ssh/my_id.
Your public key has been saved in /root/.ssh/my_id.pub.
The key fingerprint is:
1c:ee:bb:73:b2:42:34:02:e2:85:bf:c9:97:01:d1:f7 root@cae.netezza.com
The key's randomart image is:
+--[ RSA 2048]----+
|  ..o            |
|...o . .         |
|..o.. . o        |
| . ...oo E       |
|  . ooo.S        |
|   + o..         |
|    ..  .        |
|      . o..      |
|       .+*       |
+-----------------+
You have new mail in /var/spool/mail/root




2. Navigate to the directory in which you created the keys and verify that the process succeeded. The following is a continuation of the example.
[root@cae .ssh]#cd /root/.ssh/ 
[root@cae .ssh]# ls 
id_dsa      identity      id_rsa      jlan         my_id      test
id_dsa.pub  identity.pub  id_rsa.pub  known_hosts  my_id.pub  test.pub
[root@cae .ssh]#



3. Copy the public key to the destination system. That is, copy it to the system that you want password-less SSH access to, which in this example is tf2.

[root@cae .ssh]# ssh-copy-id -i my_id.pub root@tf2


4. You should now be able to login into the remote machine without a password. For example:

[root@cae .ssh]# ssh tf2 
Last login: Sat Oct  2 11:37:55 2010 from cae.netezza.com [root@NZ80518-H2 ~]#



Troubleshooting


If the public key is disabled, check the configuration file named /etc/ssh/sshd on the target computer for the following settings:

RSAAuthentication yes
PubkeyAuthentication yes



If not already set, file permissions for ~.ssh need to be set to 700 as follows:
# cd
# chmod 700 .ssh


If you are using an unsupported key type, generate a DSA key in Step 1 instead of an RSA key.
ssh-keygen -t dsa

[{"Product":{"code":"SSULQD","label":"IBM PureData System"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":null,"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.0.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Historical Number

NZ888518

Document Information

Modified date:
17 October 2019

UID

swg21569200