2021-12-22

ssh: Setup Passwordless Login

Product: ssh daemon
Version: All

SELinux became standard about 10 years ago, but many passwordless ssh setup guides have still not been updated, which causes a lot of confusion. This post shows the complete setup procedure.

Preparation

Set the SSH daemon log level to DEBUG1. This is critical for troubleshooting ssh logins, and it gives you enough information to share in a UNIX community forum when you need help:

1. Log in as root (or sudo su)
2. Edit the /etc/ssh/sshd_config file: vi /etc/ssh/sshd_config
3. Change the LogLevel line

From: LogLevel INFO
To: LogLevel DEBUG1

4. Other acceptable levels are DEBUG1, DEBUG2, DEBUG3
5. Restart the ssh daemon: systemctl restart sshd
6. View the log while simulating an ssh passwordless login: tail -f /var/log/secure

Setup

The following illustration uses the OS username "oracle", as this is a common example for Oracle database

1. Log in as the oracle user
2. Create the ".ssh" directory if it doesn't exist: mkdir ~/.ssh
3. Change the permissions so that other users/groups can't access it: chmod go= ~/.ssh
4. Create authorized_keys and paste the public-key entry from the remote machine (such as PuTTY) into it: vi ~/.ssh/authorized_keys
5. Restore the SELinux context of the above file: restorecon -Fvv ~/.ssh/authorized_keys
6. Set up the ssh client to log in automatically as oracle using its local key file, while another ssh session views /var/log/secure in real time to troubleshoot any problem
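
The checks behind steps 3 and 5 can be scripted. The following is an added example, not part of the original post: it audits a ~/.ssh directory for the permission and SELinux label problems that make sshd ignore authorized_keys. It assumes GNU stat (Linux) and the targeted SELinux policy, where files under ~/.ssh carry the type ssh_home_t; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit what sshd inspects before it accepts a key from
# ~/.ssh/authorized_keys. Run as the login user (the post uses "oracle").

# True when an SELinux context string carries the type ssh_home_t.
# Assumption: targeted policy, which labels ~/.ssh content ssh_home_t.
context_type_ok() {
    case $1 in
        *:ssh_home_t:*|*:ssh_home_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; return 1 if any check fails.
check_ssh_dir() {
    dir=$1
    keys=$dir/authorized_keys
    rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: directory missing"; return 1; }
    [ -f "$keys" ] || { echo "FAIL $keys: file missing"; return 1; }

    # Step 3 of the setup: no access at all for group/other on the directory.
    mode=$(stat -c '%a' "$dir")          # GNU stat, octal mode such as 700
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode, fix with: chmod go= $dir"; rc=1
    fi

    # sshd (StrictModes, on by default) rejects a group/other-writable key file.
    mode=$(stat -c '%a' "$keys")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $keys: mode $mode, fix with: chmod go-w $keys"; rc=1
    fi

    # Step 5: only meaningful where SELinux is active on this host.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        ctx=$(stat -c '%C' "$keys")      # SELinux context, user:role:type:level
        if ! context_type_ok "$ctx"; then
            echo "FAIL $keys: context $ctx, fix with: restorecon -Fvv $keys"; rc=1
        fi
    fi
    return $rc
}

# Usage: sh audit.sh ~/.ssh   (with no argument, only the functions are defined)
if [ $# -gt 0 ]; then check_ssh_dir "$1" && echo "OK $1"; fi
```

A FAIL line here usually matches a rejection message in /var/log/secure at DEBUG1, so the two can be read side by side.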