If you need to set up passwordless authentication to the Isilon system, then this post going to help you.
In this post, I will explain how to configure RSA key authentication, which allows you to log in to any Unix system without a password.
The underlying kernel of EMC Isilon is a Unix kernel. Hence, you can run pretty much all Unix command on it.
Setting up RSA authentication from the Unix server to Isilon and Unix server to another Unix server follows the same steps.
Read the post on NetApp public key authentication.
In a later section, we will see the detailed steps, but before let us understand how passwordless authentication works?
How PasswordLess Log In Works?
In passwordless authentication, a client is able to SSH to a target system without using a password. To do so you need to copy the RSA public key of the client and add it in the authorized_keys file of the target system.
In our scenario, the client is a Unix Server and the target system is EMC Isilon. Hence, we will create a RSA public key in Unix Server and then add it to the authorized_keys file of the Isilon node.
Once you complete these steps, you can log in to Isilon from the Unix server without a password.
Configure PasswordLess Authentication To Isilon From Unix Server
Below are the overall steps that we are going to follow to configure passwordless authentication to Isilon from the Unix server.
- First, create a public key in the Unix Server.
- Next, verify the home directory of the Isilon user.
- Create a .ssh directory and authorized_keys file inside it, if they do not exists.
- Copy the public key from the Unix server and paste it in the authorized_keys file of Isilon.
- Finally, verify the passwordless login from Unix Server to Isilon.
Step 1. On the Unix server, create the RSA public key
Run the below command in the Unix server to create RSA public key.
server# ssh-keygen -t rsa
You will get a similar output as below.
Follow the text prompts to complete the RSA public key creation process. Just press enter if you want default values.
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
.Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
6f:88:45:20:a3:b6:f1:00:d5:e9:3a:69:f2:63:d5:87
root@server#
The above steps complete the RSA public key creation process. You can view the RSA public key using the below command.
server# cat /root/.ssh/id_rsa.pub
Step 2. Verify the home directory of Isilon User.
The authorized_keys file exists in the home directory of a user. Hence, first, find the home directory path of the Isilon user using the below command.
isilon1-01# isi auth users view root
Note that, for the root account, the home directory is /root. However, if you have any other account, then the home directory may be /ifs/home/<user>.
Step 3. Create .ssh directory if does not exist in Isilon.
Once you have the home directory location, verify if .ssh directory exists or not. If you do not find a .ssh directory then you need to create one.
isilon1-01# mkdir /root/.ssh
Step 4. Copy the RSA public key to Isilon
Finally, copy the public key, which was created in Step 1.
Note that, Isilon has multiple nodes and if you want passwordless authentication for all nodes, then you have to copy the RSA public key to all nodes.
Now, once you copy the RSA public key, use the below command to paste it in the authorized_keys file in Isilon.
cat > /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvoP1X2mikthSbxyd6W39wjt6Gdj+gn96sYY9fVLFFympCS2ouerq/LkT+zHz18ppzb7gpPnhfDrze8G78tpvXIkaC2FVdmCCPysaJg/WyNj0/mkmocijqT+w5tRThZboBwR4PAvg+jgTHUvc2OIobHJh6d0Br5npcybj8uKXUqm0a0tNAILWxBgKRs2ghz8VqyBuXJizCes5B1aXFJdxzKTN425hWigUWgNrcbipY6NeCA0/wv67hYgBxG3XXq0G7KZIlFha6GSrzqTzv17OMb+lhp0AFjNtUZzjp+2mTr3ZgeOS71psAvis1mtHq1DZ2EL1yROXgEX0/YBte5YA4Q== root@nis.nasadmin.org
Press enter once and Control + C to save the file.
Now, you have completed the steps to configure a passwordless login to Isilon from the Unix server.
If you want to log in to each node of the cluster without using a password then, connect to every other node and repeat step 3.
Step 5. Verify PasswordLess Log In To Isilon
To verify that the process was successful, log in to the Unix server and run the below command.
server# ssh isilon1-01
If it does not ask any password, then the verification is successful.
Now, you should be able to SSH directly to any node in the cluster from the Unix server without a password.
Watch a live demo of all the steps in the below video and Subscribe to the channel to get notifications.