
Passwordless cert-based SSH login?

 
SOLVED
ipro-bgardner5

I'm trying to enable passwordless cert-based SSH login on our CS220.

My personal workstation runs CentOS 6.  So far I've followed guidance in https://connect.nimblestorage.com/message/1876#1876

When I log in, the Nimble still prompts for a password.

What should I be looking at for troubleshooting?  Can't seem to find any logs except what's in the web interface, and that only lists events related to storage.

ipro-bgardner5
Solution

Re: Passwordless cert-based SSH login?

After some research, found the problem.

rfenton's howto referenced above says to cat the client-side id_rsa.pub and copy the contents to the clipboard, then paste the contents into this command on the Nimble:

    sshkey --add richkey --type rsa --key <key contents>

On my CentOS 6 workstation, when I cat my id_rsa.pub file I get something like this:

    ssh-rsa <a bunch of encrypted text> <username>@<my workstation hostname>

I tried using this output verbatim in the sshkey command and couldn't log in to the Nimble passwordlessly.

Troubleshooting, I used this command on the Nimble:

    sshkey --info richkey

I didn't actually use 'richkey' as the name of my key, but we'll go with that for this example.

The command returned this information:

    Name: richkey
    Type: rsa
    Key: ssh-rsa

So it's not picking up the entire key contents.  Deleted the key then tried putting the key contents in quotes:

    sshkey --delete richkey
    sshkey --add richkey --type rsa --key "ssh-rsa <a bunch of encrypted text> <username>@<my workstation hostname>"

Still can't log in without using a password.

Deleted the key and tried again, leaving off the ssh-rsa:

    sshkey --add richkey --type rsa --key "<a bunch of encrypted text> <username>@<my workstation hostname>"

This worked.  I can now log in without entering a password.  This facilitates scripting.  I'll be using this to gather data for Nagios.
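
The key form that worked in the post above, produced by a script instead of by hand-editing the clipboard. This is an added example, not part of the original post or of any Nimble tooling. The function names are hypothetical and the sample key line is constructed; the `sshkey` flags are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the quoted `sshkey --add`
# line from an OpenSSH public key, dropping the leading "ssh-rsa" field as the
# post found necessary. Function names are hypothetical.

# Constructed sample line: truncated blob, not a usable key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB admin@workstation'

# Print "<base64 blob> <comment>" for an ssh-rsa public key line; fail otherwise.
nimble_key_body() {
    read -r ktype blob comment <<EOF
$1
EOF
    [ "$ktype" = "ssh-rsa" ] || { echo "not an ssh-rsa key line" >&2; return 1; }
    [ -n "$blob" ] || { echo "missing key blob" >&2; return 1; }
    # The decoded blob starts with a 4-byte length followed by the key type;
    # checking it catches a truncated or mis-pasted key before it reaches the array.
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null \
            | head -c 11 | tail -c 7 | tr -d '\000')
    [ "$inner" = "ssh-rsa" ] || { echo "blob is not an ssh-rsa key" >&2; return 1; }
    # A double quote in the comment would end the quoted --key argument early.
    case "$comment" in
        *\"*) echo "comment contains a double quote" >&2; return 1 ;;
    esac
    printf '%s\n' "${blob}${comment:+ $comment}"
}

# Print the command to paste at the array prompt; $1 = key name, $2 = key line.
nimble_sshkey_cmd() {
    body=$(nimble_key_body "$2") || return 1
    printf 'sshkey --add %s --type rsa --key "%s"\n' "$1" "$body"
}

# Usage on the workstation: nimble_sshkey_cmd richkey "$(cat ~/.ssh/id_rsa.pub)"
nimble_sshkey_cmd richkey "$SAMPLE_PUB"
```

After adding the key, `sshkey --info richkey` should show the whole blob in the `Key:` field rather than only `ssh-rsa`.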