6.16.2 Using Oracle Exadata Deployment Assistant in Conjunction with Key-Based Authentication
You can use the -sshkeys
option to use SSH key-based
authentication in conjunction with OEDA.
Starting with the April 2020 release of Oracle Exadata Deployment Assistant (OEDA), you can use SSH keys for root
user
authentication on Oracle Exadata Racks.
To use this feature, you must first set up the required SSH keys. The easiest way to
do this is to use the setuprootssh.sh
utility
included with OEDA. For example:
./setuprootssh.sh -cf config.xml
For more information about the setuprootssh.sh
utility,
see Using the OEDA setuprootssh Utility.
After you set up the required SSH keys, add the
-sshkeys
option to the regular
command-line options when you start up OEDA. For example:
./install.sh -cf config.xml -s 1 -sshkeys -usesu
When you specify the -sshkeys
option, OEDA uses SSH key-based authentication. In conjunction with this
option, the OEDA
WorkDir
must contain the SSH private key for
each host in the deployment file (config.xml). The private keys must
conform to the following file naming convention:
id_rsa.short_hostname.root
In the key file names, short_hostname is the corresponding server host name without any domain name qualification.
As shown in the previous example, when you specify the
-sshkeys
option, you must also
specify the -usesu
option to instruct OEDA to run non-root
commands from the
root
user using
su
.
When you first log in to a host following the
Resecure Machine
deployment step,
you are prompted to reset the root
password.
This still occurs even when SSH key-based authentication is
enabled, and password-based authentication is disabled.