Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ssh connection without password

Status
Not open for further replies.
holdahl

holdahl

IS-IT--Management
Apr 4, 2006
213
0
0
NO
I'm trying to use ssh between some aix machines without having to enter password. (trying to run script that is copying some files from one machine to others in a cron job)

It works for some machines, but having problems with one machines that is part of a hacmp cluster.

Is the ip address of a machine used when creating ssh keys, or is only the hostname used?

Is it possible to create ssh keys for a machine that has more than one ip address?

-holdahl
 
Sort by date Sort by votes
This is what I do.

On all nodes in the Cluster edit /etc/ssh/shosts.equiv so that all other nodes in the cluster are trusted.
Self and other nodes.

E.g. if you have two nodes node1 and node2. On the node2 server you would edit /etc/ssh/shosts.equiv and add in node1


On the first node in the cluster e.g. node 0 (Master node) create a root user ssh key

As the root user do the following:
cd
ssh-keygen -t dsa
<enter>
<enter>
<enter>

cat id_dsa.pub grab all of the key info

e.g. ssh-dss AAAABBBBBCCCCC.....

Copy the key to all the other nodes in the cluster using the following process:

vi /etc/ssh/authorized_keys/root

add the following line to the end of the file (all on one line):

from="<hostname_of_master_node0.*" <SSH Public Key from step above>

e.g.
from="master_hostname.*" ssh-dss AAAABBBBBCCCCC.....

On all nodes apart from the Master 0 node allow root to run commands


cd /etc/ssh
cp sshd_config sshd_config.orig
vi sshd_config , comment out the line starting with this :
PermitRootLogin forced-commands-only
and make sure
PasswordAuthentication no
kill -9 $(cat /etc/ssh/sshd.pid)

Test that root@<master node> can run eg ssh <other node> lsvg against all other nodes.

test with

ssh node1 lsvg



Mike

"Whenever I dwell for any length of time on my own shortcomings, they gradually begin to seem mild, harmless, rather engaging little things, not at all like the staring defects in other people's characters."
 
Upvote 0 Downvote
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TSch
  • Locked
  • Question
Execute ssh command on VIO Server
Replies
1
Views
184
w5000
w5000
Michael1457
  • Locked
  • Question
AIX firewall accept established connection
Replies
3
Views
179
w5000
w5000
NoLogic001
  • Locked
  • Question
Ssh-keygen (Saving the key failed:)
Replies
3
Views
113
iggsterman
iggsterman
Guy987
  • Locked
  • Question
Smartcard authentication to SSH
Replies
0
Views
47
Guy987
Guy987
msxi
  • Locked
  • Question
IBM AIX tcp port opens twice when initiating a connection as part of an interface
Replies
0
Views
50
msxi
msxi

Part and Inventory Search

Sponsor

Back
Top