Passwordless SSH connection to Clustered Data ONTAP using Key

"Passwordless SSH connection to Clustered Data ONTAP using Key" means logging in to the remote machine over SSH without typing a username and password. Is it a security threat to log in to a remote machine over SSH without credentials? No, it is not a security threat; it is a feature. Instead of credentials (username and password), we use a key to log in to the remote machine.

Key-based authentication is most useful when a script runs against a remote machine. With password authentication you must type the remote machine's password every time the script runs; if the script is launched by an automated task scheduler, you may not be available at that moment and the script will not execute. To overcome this, we generate an SSH key pair and attach the public key to the remote machine. It will not ask for credentials as long as you have not changed your key.

Note: The generated SSH key file should have restricted permissions.

STEP 1 :-

Let's see how to generate an SSH key on a Linux / UNIX machine.

[root@arkit71 ~]# ssh-keygen -t rsa    # command to generate the key
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
8e:c3:89:36:5d:75:b4:3f:53:04:cc:44:3a:eb:e0:b4 root@arkit71
The key's randomart image is:
+--[ RSA 2048]----+
| .=+..|
| . oo. |
| . = .|
| . . + . |
| S o . + |
| + = o + o |
| + * . E . |
| . . . |
| |
+-----------------+

After the key is generated, the public key is stored by default in ~/.ssh/id_rsa.pub.

To view your public key:

[root@arkit71 ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71

Now that the key is generated, we will use the same key for authentication.

STEP 2 :-

Connect to the NetApp cluster over SSH.

Create a user whose authentication method is publickey:

cDOT::> security login create -user-or-group-name ravi -authmethod publickey -application ssh -role admin -vserver cDOT
Warning: To use public-key authentication, you must create a public key for user "ravi".

cDOT::> security login publickey create -username ravi -index 0 -publickey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71"

Change the -vserver name and the user name to match your environment.

STEP 3 :-

Check the status of the public key attached to user ravi with the command below:

cDOT::> security login publickey show -username ravi

Vserver: cDOT
UserName: ravi   Index: 0
Public Key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPjUlxj742pPHBKcyD8CtZWAez9o90OA62Xie2gNnlHXu0XRD3Rp59KJPElVx32UMm3InSL0UKOFwnTFtDFzQ690FwocD24da9wzeI2cQP4jDB7IIeUCXtvHzzhY10FeztRBm0bd5U43n5mHXDLYy02lf8BhFs3ptJi699kWlwa+2KylU5KGiKv3v0DWYT0e6A/Rhs9TsIVvLcUVed1Ckzuz7lrimyOZNwgN83cln2Sfnv+ALCQ4U2UyStIgkRyuXA9wshFR26hDZpCltwCSlWq1mBvaJ0+sz6aUQ944ojtgVjpfinAeeD2QElcC8p2V7O357BXuS6tapqee/+BiNv root@arkit71
Fingerprint:
a9:b8:10:22:55:i0:99
Bubblebabble Fingerprint:
Comment:

The above is sample output.

STEP 4 :-

Verify by connecting to the NetApp filer from your Linux machine; it will not ask for a username and password.

[root@arkit71 ~]# ssh ravi@192.168.91.11

cDOT::>

That’s it..!!

Public-key authentication is now configured using the key. A separate article covers 7-Mode.
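As an added example (not part of the original article and not NetApp tooling), the Python below checks a public key line before it is pasted into `security login publickey create`, reports the RSA size, and computes fingerprints to compare with the Step 1 and Step 3 output; it also checks the "restricted mode" note for the private key file. The function names and the sample key are constructed for illustration, and it is an assumption that the ONTAP Fingerprint field uses the same colon-separated MD5 form that ssh-keygen prints in Step 1.

```python
import base64, hashlib, os, stat, struct

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[i:i + 4])
        if i + 4 + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def inspect_pubkey(line):
    """Parse one id_rsa.pub line: key type, RSA modulus size, fingerprints."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields = wire_fields(blob)
    # A line damaged by copy/paste usually fails here or in the decode above.
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type does not match the encoded blob")
    bits = None
    if parts[0] == "ssh-rsa":
        if len(fields) != 3:
            raise ValueError("ssh-rsa blob must hold type, e and n")
        bits = int.from_bytes(fields[2], "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": parts[0], "bits": bits,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def private_key_is_restricted(path):
    """True if the private key file grants nothing to group or others."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def make_sample_rsa_line(bits=2048):
    """Constructed sample: a well-formed ssh-rsa blob with a dummy modulus."""
    s = lambda b: struct.pack(">I", len(b)) + b
    mp = lambda v: s(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = s(b"ssh-rsa") + mp(65537) + mp((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sample@example"

if __name__ == "__main__":
    print(inspect_pubkey(make_sample_rsa_line()))
```

Run `inspect_pubkey` on the contents of ~/.ssh/id_rsa.pub and `private_key_is_restricted` on ~/.ssh/id_rsa before scheduling any unattended script that uses the key.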

Ravi Kumar Ankam

4 Responses

  1. Vamsi says:

    Thank you friend, very useful.
    I am able to establish the password-less authentication connection.

  2. bharath says:

    What happens if we migrate the LIF from one node to another in the same cluster? Does it still work?
