password less SSH connection to Clustered Data ONTAP using Key
Basically " password less SSH connection to Clustered Data ONTAP using Key " means without typing username and password we have to login to the remote machine using SSH protocol. Now we think is it not a security thread? when SSH is login to remote machine with credentials, No it is not a security thread it is feature instead of using credential (username and password) we are using key bits to login remote machine.
This key based authentication is more useful when we run a script an remote machine, always you have to type a remote machine password in order to execute the script an remote machine, but if a script is scheduled using any automated task scheduler then you may not available yet that point of time script will not execute. In order to overcome this issue we will generate an ssh public-key and attach same key to remote machine, it will not ask you credential until you have not changed your key.
Note: Generated ssh key file should be in restricted mode.
STEP 1 :-
Let's see how to generate an SSH key in Linux / UNIX machine.
[root@arkit71 ~]# ssh-keygen -t rsa <<--- Command to Generate Key -->> Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 8e:c3:89:36:5d:75:b4:3f:53:04:cc:44:3a:eb:e0:b4 root@arkit71 The key's randomart image is: +--[ RSA 2048]----+ | .=+..| | . oo. | | . = .| | . . + . | | S o . + | | + = o + o | | + * . E . | | . . . | | | +-----------------+
After generating the key the default key path is ~.ssh/id_rsa.pub is the file.
in order to see your key
[root@arkit71 ~]# cat .ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71
Now we have generated the key, the same key we are going to use for authentication
STEP 2 :-
Connect to Netapp using your SSH protocol
create user with authentication type is publickey
cDOT::> security login create -user-or-group-name ravi -authmethod publickey -application ssh -role admin -vserver cDOT Warnning: To use public-key authentication, you must create a public key for user "ravi". cDOT::> security login publickey create -username ravi -index 0 -publickey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71"
As per your environment change -vserver <name> and <User Name>
STEP 3 :-
Check the status of your public key attached to user ravi, in order to check the status use below command
cDOT::> security login publickey show -username ravi Vserver: cDOT UserName: ravi Index: 0 Public Key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71 Fingerprint: a9:b8:10:22:55:i0:99 Bubbleabble Fingerprint: Comment:
above is the sample output
STEP 4 :-
Verify by connecting the Netapp Filer from your Linux machine which will not ask username and password
[root@arkit71 ~]# ssh ravi@192.168.91.11 cDOT::>
That's it..!! password less SSH connection to Clustered Data ONTAP using Key password less SSH connection to Clustered Data ONTAP using Key password less SSH connection to Clustered Data ONTAP using Key
Your publickey authentication is created using key. For 7-Mode Click Here
Please write your feedback…