Before You Begin
You must have the rights to assign the Compliance Assessor rights profile. The root role or an administrator with the Compliance Assessor rights profile can assign the profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.
Because this user should be running with only the Compliance Assessor rights profile, this command replaces the user's rights profiles with the Compliance Assessor profile.
# usermod -K profiles="Compliance Assessor" -S ldap username
username@host1 $ ssh-keygen -t rsa -P ""
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Your identification has been saved in $HOME/.ssh/id_rsa
Your public key has been saved in $HOME/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:BLNj0v9...izsQ username@host1
The key's randomart image is:
+---[RSA 2048]----+
| o .=B|
...
username@host $ eval `ssh-agent`
Agent pid nnnn
username@host $ ssh-add
Identity added: /home/username/.ssh/id_rsa (/home/username/.ssh/id_rsa)
username@host $ ssh-add -l
2048 SHA256:MZck..... /home/username/.ssh/id_rsa (RSA)
The first time you log in to a system, type yes when prompted to establish the authenticity of the host.
The authenticity of host 'hostname (192.0.2.38)' can't be established.
AB98765 key fingerprint is SHA256:tAXFy......................
Are you sure you want to continue connecting (yes/no)? yes
After each remote system is known, you should not be prompted for a password.
If you continue to be prompted, see the following Troubleshooting section.
192.0.2.38,myx86,myx86.example.org ssh-rsa AAAAB3NzaC1yc2...
As root, debug the Secure Shell server. Run a command similar to the following:
SSHserver# /usr/lib/ssh/sshd -p 2222 -d
In a different terminal window and using the same port, connect as the user from the client and search for the ultimate cause of the failure.
SSHclient$ ssh -p 2222 SSHserver
Messages similar to the following can indicate the ultimate cause of the failure:
Authentication refused: bad ownership or modes for directory /home/username
In this instance, the user has a group-writable directory above the directory where the private key is stored. Change the directory permissions to 755.
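The following added example (not part of the Oracle documentation) reports which path triggers the "bad ownership or modes" message, so that you can find it without running sshd in debug mode. It assumes the keys are in the default ~/.ssh/authorized_keys location on the server; the function name check_ssh_modes and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag paths that are group- or world-writable, or that are
# owned by someone other than the user or root.
# Usage: check_ssh_modes HOME_DIR [OWNER_UID]   (hypothetical helper name)
check_ssh_modes() {
    home=$1
    owner=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune tests only the path itself, without descending into it.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "BAD MODE: $p is group- or world-writable"
            bad=1
        fi
        # Ownership by the user or by root (UID 0) is acceptable.
        if [ -n "$(find "$p" -prune ! -user "$owner" ! -user 0 -print)" ]; then
            echo "BAD OWNER: $p is not owned by UID $owner or root"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample tree: a home directory left group-writable (775).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo"; chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_modes "$demo" || echo "fix with: chmod 755 $demo"
chmod 755 "$demo"            # the correction given in the text
check_ssh_modes "$demo" && echo "modes OK"
rm -rf "$demo"
```

On a real system, run the function on the Secure Shell server against the user's home directory, for example check_ssh_modes /home/username with the user's UID as the second argument.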