Set up SSH Key-based Authentication

Set up and verify SSH key-based authentication from the operator node to the Kubernetes nodes. Don't set a passphrase when creating the key pair as this prevents automatic processes from running seamlessly. Take appropriate steps to ensure the private key remains secure.

Set up SSH key-based authentication for the user that runs the Platform CLI (olcnectl) installation commands, so that this user can log in from the operator node to each Kubernetes node and to the Platform API Server node.

The following steps show one method of setting up SSH key-based authentication.

  1. Generate the private and public key pair. On the operator node, run ssh-keygen as the user that you use to run olcnectl commands. Don't create a passphrase for the key (press <Enter> when prompted for a passphrase). For example:

    ssh-keygen

    Output similar to the following is displayed:

    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa):<Enter>
    Enter passphrase (empty for no passphrase): <Enter>
    Enter same passphrase again: <Enter>
    Your identification has been saved in /home/user/.ssh/id_rsa.
    Your public key has been saved in /home/user/.ssh/id_rsa.pub.
    ...
  2. Verify the location of the private and public key pair. Verify that the private and public key pair has been created at the location reported in the ssh-keygen command output:

    ls -l /home/user/.ssh/

    Output similar to the following is displayed:

    ...
    -rw-------. 1 user user 2643 Jan 10 14:55 id_rsa
    -rw-r--r--. 1 user user  600 Jan 10 14:55 id_rsa.pub
    ...

    The public key is the file with the “.pub” extension.

  3. Set up the public key on the target nodes. Add the contents of the public key to the $HOME/.ssh/authorized_keys file on each target node for the user for whom key-based SSH is being set up.

    On the operator node, run the ssh-copy-id command. The syntax is:

    ssh-copy-id user@host

    When prompted, enter the user’s password for the host. After the command successfully completes, the public key’s contents have been added to the user’s $HOME/.ssh/authorized_keys file on the remote host.

    The following example shows how the ssh-copy-id command can be used to add the public key to the authorized_keys file for user on host 192.0.2.255:

    ssh-copy-id user@192.0.2.255
  4. Verify the user has SSH key-based access from the operator node. On the operator node, use ssh to connect to each of the other nodes and confirm login succeeds without being prompted for a password.

    For example, confirm key-based SSH access by running the ssh command on the operator node as follows:

    ssh user@192.0.2.255
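
The check in step 4 can be scripted so that it fails outright instead of falling back to a password prompt, and so that the passphrase-less private key is confirmed to be readable by its owner only. This is an added example, not part of the original procedure: the function names are made up for illustration, the key path defaults to the $HOME/.ssh/id_rsa location shown in the ssh-keygen output, and the nodes to test are passed as arguments.

```shell
#!/bin/sh
# Added example: pre-flight check for the procedure above.
# Usage (script name is a placeholder): sh check-ssh.sh user@192.0.2.255 ...
KEY="${KEY:-$HOME/.ssh/id_rsa}"   # default path from the ssh-keygen output

# Succeed only if the private key exists and no group/other bits are set.
# The key has no passphrase, so file permissions are its only protection.
key_perms_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if login works with the key and no prompt of any kind.
# BatchMode=yes makes ssh fail instead of asking for a password; it also
# fails on an unknown host key, so the host must already be in known_hosts
# (accepting the host key during ssh-copy-id in step 3 does that).
key_login_ok() {
    ssh -i "$KEY" -o BatchMode=yes -o PasswordAuthentication=no \
        -o ConnectTimeout=10 "$1" true
}

# Check every node given as an argument; return non-zero if any fails.
check_nodes() {
    failed=0
    for node in "$@"; do
        if key_login_ok "$node"; then
            echo "OK    $node"
        else
            echo "FAIL  $node (key-based login did not succeed)"
            failed=1
        fi
    done
    return "$failed"
}

# Run only when nodes are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    key_perms_ok "$KEY" || { echo "$KEY is missing or not mode 600" >&2; exit 1; }
    check_nodes "$@"
fi
```

A non-zero exit status means at least one node would have prompted for a password or rejected the key.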

For more information on setting up SSH key-based authentication, see Oracle Linux: Connecting to Remote Systems With OpenSSH.