1. Quick Installation for Release 1.6
  2. Prerequisites
  3. Set up SSH Key-based Authentication

Set up SSH Key-based Authentication

Set up and verify SSH key-based authentication from the operator node to the Kubernetes nodes. Do not set a passphrase when creating the key pair as this will prevent automatic processes from running seamlessly. Take appropriate steps to ensure the private key remains secure.

Set up SSH key-based authentication for the user that is to run the Platform CLI (olcnectl) installation commands to enable login from the operator node to the following nodes:

  • Each Kubernetes node.
  • The Platform API Server node.

The following steps demonstrate one way of setting up the SSH key-based authentication:

  1. Generate the private and public key pair:

    On the operator node, run ssh-keygen as the user that you use to run olcnectl commands. Do not create a passphrase for the key (press <Enter> when prompted for a passphrase). For example: 

    ssh-keygen

    Output similar to the following is displayed:

    Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):<Enter>
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
...

  2. Verify the location of the private and public key pair:

    Verify the private and public key pair have been created at the location reported in the ssh-keygen command output: 

    ls -l /home/user/.ssh/
    ...
-rw-------. 1 user user 2643 Jan 10 14:55 id_rsa
-rw-r--r--. 1 user user  600 Jan 10 14:55 id_rsa.pub
...

    The public key is indicated by the file with the “.pub” extension.

  3. Set up the public key on the target nodes:

    Add the contents of the public key to the $HOME/.ssh/authorized_keys file on each target node for the user for which the key-based SSH is being set up. The following are possible ways of doing this:

    • Run the ssh-copy-id Command:

      For systems with password authentication enabled, you have the option of running the ssh-copy-id command on the operator node. The syntax is as follows: 

      ssh-copy-id user@host

      When prompted you enter the user’s password for the host. Once the command successfully completes, the public key’s contents will have been added to the copy of the user’s $HOME/.ssh/authorized_keys file on the remote host.

      The following example shows how command ssh-copy-id can be used to add the public key to the authorized_keys file for user on host 192.0.2.255 : 

      ssh-copy-id user@192.0.2.255
      /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

user@192.0.2.255's password: 

Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'user@192.0.2.255'"and check to make sure that only the key(s) you wanted were added.
[user@operator ~]$

    • Manually setting the authorized_keys file

      If you do not have access to the ssh-copy-id command or are unable to access the system remotely with a password, you must populate the $HOME/.ssh/authorized_keys file on the target nodes manually. The following steps show how this can be done:

      1. On the operator node, open the public key you have created in a file reader. Continuing with our example we would do this as follows: 

        cat /home/user/.ssh/id_rsa.pub
        ssh-rsa AQRayc2EAAAABIwAAAQEA6OabJhWABsZ4F3mcjEPT3sxnXx1OoUcvuC... 
...OEKX9Kp9QWH+IfASI8q09xQ= user@operator

      2. Copy the public key you have created.

      3. Log in to one of the target servers.

      4. Confirm the location of the $HOME/.ssh/authorized_keys file belonging to the user whose key-based access you are setting up. For example: 

        ls /home/user/.ssh/authorized_keys 
        /home/user/.ssh/authorized_keys

      5. Append the public key to the authorized_keys file.

      6. Ensure that the permissions of the user's $HOME/.ssh and $HOME/.ssh/authorized_keys files are set correctly:
        • $HOME/.ssh: The recommended permissions are read/write/execute for the user, and not accessible by others, as shown in the following example output: 
          drwx------. 2 user user 66 Jan 11 17:33 /home/user/.ssh
        • $HOME/.ssh/authorized_keys: The recommended permissions are read/write for the user, and not accessible by others, as shown in the following example output:
          -rw-------. 1 user user 1004 Jan 11 17:36 /home/user/.ssh/authorized_keys

      7. Repeat the steps for the remaining target nodes.

  4. Verify your user has SSH key-based access from the operator node:

    On the operator node, use ssh to connect to each of the other nodes and confirm login succeeds without being prompted for a password.

    For example, confirm key-based SSH access by running the ssh command on the operator node as follows: 

    ssh user@192.0.2.255

For more information on setting up SSH key-based authentication, see Oracle Linux: Connecting to Remote Systems With OpenSSH.