Set up SSH Key-based Authentication
Set up and verify SSH key-based authentication from the operator node to the Kubernetes nodes. Don't set a passphrase when creating the key pair as this prevents automatic processes from running seamlessly. Take appropriate steps to ensure the private key remains secure.
Set up SSH key-based authentication for the user that's to be used to run the Platform CLI (olcnectl) installation commands to enable login from the operator node to each Kubernetes node and to the Platform API Server node.
The following steps show one method of setting up SSH key-based authentication.
- Generate the private and public key pair.
  On the operator node, run ssh-keygen as the user that you use to run olcnectl commands. Don't create a passphrase for the key (press <Enter> when prompted for a passphrase). For example:

      ssh-keygen

  Output similar to the following is displayed:

      Generating public/private rsa key pair.
      Enter file in which to save the key (/home/user/.ssh/id_rsa):<Enter>
      Enter passphrase (empty for no passphrase): <Enter>
      Enter same passphrase again: <Enter>
      Your identification has been saved in /home/user/.ssh/id_rsa.
      Your public key has been saved in /home/user/.ssh/id_rsa.pub.
      ...
- Verify the location of the private and public key pair.
  Verify the private and public key pair have been created at the location reported in the ssh-keygen command output:

      ls -l /home/user/.ssh/

  Output similar to the following is displayed:

      ...
      -rw-------. 1 user user 2643 Jan 10 14:55 id_rsa
      -rw-r--r--. 1 user user 600 Jan 10 14:55 id_rsa.pub
      ...

  The public key is indicated by the file with the “.pub” extension.
- Set up the public key on the target nodes.
  Add the contents of the public key to the $HOME/.ssh/authorized_keys file on each target node for the user for which the key-based SSH is being set up. On the operator node, run the ssh-copy-id command. The syntax is:

      ssh-copy-id user@host

  When prompted, enter the user’s password for the host. After the command successfully completes, the public key’s contents have been added to the copy of the user’s $HOME/.ssh/authorized_keys file on the remote host.

  The following example shows how the ssh-copy-id command can be used to add the public key to the authorized_keys file for user on host 192.0.2.255:

      ssh-copy-id user@192.0.2.255
- Verify the user has SSH key-based access from the operator node.
  On the operator node, use ssh to connect to each of the other nodes and confirm login succeeds without being prompted for a password. For example, confirm key-based SSH access by running the ssh command on the operator node as follows:

      ssh user@192.0.2.255
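The verification in the last step, repeated for every node and combined with a permission check on the passphrase-less private key, as an added example that is not part of the Oracle documentation. The function names and the script name check-ssh-keys.sh are assumptions; the key path and the user@host targets are supplied by the caller.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are hypothetical.

# Return 0 only if the path exists and grants nothing to group or other.
# ls -ld prints e.g. "-rw-------."; characters 5-10 are the group/other bits.
private_perms_ok() {
    [ -e "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 only if login with this key succeeds with no prompt of any kind.
# BatchMode=yes makes ssh fail instead of asking for a password or passphrase.
key_login_ok() {    # usage: key_login_ok keyfile user@host
    ssh -i "$1" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o PasswordAuthentication=no -o ConnectTimeout=5 "$2" true
}

# Check the key file and its directory, then every node.
# The return status is the number of failed checks (0 means all passed).
check_nodes() {     # usage: check_nodes keyfile [user@host ...]
    key=$1; shift; failures=0
    if ! private_perms_ok "$key" || ! private_perms_ok "$(dirname "$key")"; then
        echo "FAIL  $key or its directory is accessible to group/other"
        failures=$((failures + 1))
    fi
    for node in "$@"; do
        if key_login_ok "$key" "$node" </dev/null >/dev/null 2>&1; then
            echo "OK    $node"
        else
            echo "FAIL  $node (no key-based login without a prompt)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Run only when a key and at least one target are given, for example:
#   sh check-ssh-keys.sh "$HOME/.ssh/id_rsa" user@192.0.2.255
if [ "$#" -ge 2 ]; then
    check_nodes "$@"
fi
```

A node reported as FAIL would have prompted for a password or host-key confirmation in an interactive session, which is the condition that stalls unattended olcnectl runs.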
For more information on setting up SSH key-based authentication, see Oracle Linux: Connecting to Remote Systems With OpenSSH.