Saturday, January 30, 2016

password less SSH connection to Clustered Data ONTAP using Key

password less SSH connection to Clustered Data ONTAP using Key

Basically " password less SSH connection to Clustered Data ONTAP using Key " means without typing username and password we have to login to the remote machine using SSH protocol. Now we think is it not a security thread? when SSH is login to remote machine with credentials, No it is not a security thread it is feature instead of using credential (username and password) we are using key bits to login remote machine.

This key based authentication is more useful when we run a script an remote machine, always you have to type a remote machine password in order to execute the script an remote machine,  but if a script is scheduled using any automated task scheduler then you may not available yet that point of time script will not execute. In order to  overcome this issue we will generate an ssh public-key and  attach same key to remote machine, it will not ask you credential until you have not changed your key.

Note: Generated ssh key file should be in restricted mode.

STEP 1 :-

Let's see how to generate an SSH key in Linux / UNIX machine.

[root@arkit71 ~]# ssh-keygen -t rsa    <<--- Command to Generate Key -->>  Generating public/private rsa key pair.  Enter file in which to save the key (/root/.ssh/id_rsa):  Created directory '/root/.ssh'.  Enter passphrase (empty for no passphrase):  Enter same passphrase again:  Your identification has been saved in /root/.ssh/id_rsa.  Your public key has been saved in /root/.ssh/id_rsa.pub.  The key fingerprint is:  8e:c3:89:36:5d:75:b4:3f:53:04:cc:44:3a:eb:e0:b4 root@arkit71  The key's randomart image is:  +--[ RSA 2048]----+  | .=+..|  | . oo. |  | . = .|  | . . + . |  | S o . + |  | + = o + o |  | + * . E . |  | . . . |  | |  +-----------------+

After generating the key the default key path is ~.ssh/id_rsa.pub is the file.

in order to see your key

[root@arkit71 ~]# cat .ssh/id_rsa.pub  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71

Now we have generated the key, the same key we are going to use for authentication

STEP 2 :-

Connect to Netapp using your SSH protocol

create user with authentication type is publickey

cDOT::> security login create -user-or-group-name ravi -authmethod publickey -application ssh -role admin -vserver cDOT  Warnning: To use public-key authentication, you must create a public key for user "ravi".    cDOT::> security login publickey create -username ravi -index 0 -publickey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71"

As per your environment change -vserver <name> and <User Name>

STEP 3 :-

Check the status of your public key attached to user ravi, in order to check the status use below command

cDOT::> security login publickey show -username ravi    Vserver: cDOT  UserName: ravi   Index: 0  Public Key:  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71  Fingerprint:  a9:b8:10:22:55:i0:99  Bubbleabble Fingerprint:  Comment:

above is the sample output

STEP 4 :-

Verify by connecting the Netapp Filer from your Linux machine which will not ask username and password

[root@arkit71 ~]# ssh ravi@192.168.91.11    cDOT::>

That's it..!! password less SSH connection to Clustered Data ONTAP using Key password less SSH connection to Clustered Data ONTAP using Key password less SSH connection to Clustered Data ONTAP using Key

Your publickey authentication is created using key. For 7-Mode Click Here

Please write your feedback…