6.16.2 Using Oracle Exadata Deployment Assistant in Conjunction with Key-Based Authentication

You can use the -sshkeys option to use SSH key-based authentication in conjunction with OEDA.

Starting with the April 2020 release of Oracle Exadata Deployment Assistant (OEDA), you can use SSH keys for root user authentication on Oracle Exadata Racks.

To use this feature, you must first set up the required SSH keys. The easiest way to do this is to use the setuprootssh.sh utility included with OEDA. For example:

./setuprootssh.sh -cf config.xml

For more information about the setuprootssh.sh utility, see Using the OEDA setuprootssh Utility.

After you set up the required SSH keys, add the -sshkeys option to the regular command-line options when you start up OEDA. For example:

./install.sh -cf config.xml -s 1 -sshkeys -usesu

When you specify the -sshkeys option, OEDA uses SSH key-based authentication. In conjunction with this option, the OEDA WorkDir must contain the SSH private key for each host in the deployment file (config.xml). The private keys must conform to the following file naming convention:

id_rsa.short_hostname.root

In the key file names, short_hostname is the corresponding server host name without any domain name qualification.

As shown in the previous example, when you specify the -sshkeys option, you must also specify the -usesu option to instruct OEDA to run non-root commands from the root user using su.

When you first log in to a host following the Resecure Machine deployment step, you are prompted to reset the root password. This still occurs even when SSH key-based authentication is enabled, and password-based authentication is disabled.