How to set up SSH for No Password on SunOS

This setup will allow you to log in to another account without having to provide the password.

     Identify the Sun Server’s and its user id’s among which you wish to enable secure session without passwords. The below steps concentrates on SSH2, the second version of SSH. Don’t use the first version any longer; it contains security bugs. Also, older versions of the second version’s SSH might contain security bugs.

Check with ssh -V that your version matches the latest one available from OpenSSH.

root@ffus # ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

If you can’t find any of the SSH commands (ssh and scp, for instance) on your system, get the SSH package first and install it. This suite should also install the ssh-keygen command on your machine. Make sure that SSH is installed on every system that you want to access.
Starting from the Solaris 9 OS, SSH is included in the distribution. If you can’t find a package suitable for your version, refer to the OpenSSH web site for the source, and then download, unpack, read the README, compile, and install. Systems missing OpenSSL have to add that package as well for SSH to work.
Test, for example, ssh localserver; this will create a .ssh subdirectory in your $HOME directory. SSH among UNIX users residing on the same Server.

Assumptions:
UNIX Server: ffus
User 1: root
User 2: oraffus
User 3: appffus

Requirement: You want to provide secure shell session between User 1 & User 2 and User 1 and User 3 with no passwords.

This means that User 1 root can execute commands, shell scripts in User 2 oraffus shell and User3 appffus shell without providing passwords.

Create personal SSH key in User 1
If this is first time you are creating SSH key then its possible that User 1 does not have “.ssh” directory in its home directory. If the “.ssh” directory exists then possibly the SSH key has been generated. Check the directory for the key. Alternatively you can re-create the key as follows.
—————–
root@ffus # hostname
ffus
root@ffus # id
luid=0(root) gid=0(root)
root@ffus # ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa):
Created directory ‘//.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in / /.ssh/id_dsa.
Your public key has been saved in /t/.ssh/id_dsa.pub.
The key fingerprint is:
7f:95:e0:76:3b:77:80:6a:d0:9a:3c:eb:d2:b2:32:a8
root@ffus
———————–

This creates id_dsa and id_dsa.pub in $HOME/.ssh. If you want to enable remote connections that don’t require a password, do not enter a passphrase. If you do enter a non-empty passphrase, when connecting to the remote server you will be asked for the passphrase instead of the password!
———————–

root@ffus # cd /.ssh
root@ffus # pwd
/.ssh
root@ffus #
root@ffus # ls -lrt
total 14
-rw——- 1 root root 668 Sep 19 14:18 id_dsa
-rw-r–r– 1 root root 600 Sep 19 14:18 id_dsa.pub
-rw-r–r– 1 root root 670 Sep 21 11:42 known_hosts
root@ffus #
——————

Rename the key generated ida_dsa.pub to reflect the uniquely the key of user id on that server. i.e., rename id_dsa.pub to root_ffus_dsa.pub.

Append the public key to the file authorized_keys2:
root@ffus # cat root_ffus_dsa.pub >>authorized_keys2
Don’t worry if authorized_keys2 does not yet exist before you execute this command.

root@ffus # ls -lrt

total 14
-rw——- 1 root root 668 Sep 19 14:18 id_dsa
-rw-r–r– 1 root root 600 Sep 19 14:18 root_ffus_dsa.pub
-rw-r–r– 1 root root 1808 Sep 19 15:21 authorized_keys2
-rw-r–r– 1 root root 670 Sep 21 11:42 known_hosts
root@ffus #

Create personal SSH key in User 2

As done for User 1 carry out the same steps for User 2.
$ hostname
ffus
$ id
uid=100(oraffus) gid=101(dba)
$ pwd
/home/oraffus
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oraffus/.ssh/id_dsa): /home/oraffus/.ssh/oraffus_ffus _dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oraffus/.ssh/oraffus_ffus_dsa.
Your public key has been saved in /home/oraffus/.ssh/oraffus_ffus_dsa.pub.
The key fingerprint is:
15:05:69:cd:3e:6e:bc:9d:ba:6d:a7:15:0c:9f:ab:4d oraffus@ffus
$ cd .ssh
$ ls -lrt
total 6
-rw-r–r– 1 oraffus dba 222 Aug 29 16:43 known_hosts
-rw——- 1 oraffus dba 668 Sep 21 14:34 oraffus_ffus_dsa
-rw-r–r– 1 oraffus dba 604 Sep 21 14:34 oraffus_ffus_dsa.pub
$ cat oraffus_ffus_dsa.pub >>authorized_keys2
$ ls -lrttotal 8
-rw-r–r– 1 oraffus dba 222 Aug 29 16:43 known_hosts
-rw——- 1 oraffus dba 668 Sep 21 14:34 oraffus_ffus_dsa
-rw-r–r– 1 oraffus dba 604 Sep 21 14:34 oraffus_ffus_dsa.pub
-rw-r–r– 1 oraffus dba 604 Sep 21 14:35 authorized_keys2
$
 

.

Create personal SSH key in User 3.
As done for User 1 and 2 carry out the same steps for User 3.
$ hostname
ffus
$ id
uid=102(appffus) gid=101(dba)
$ pwd
/home/appffus
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/appffus/.ssh/id_dsa): /home/appffus/.ssh/appffus_ffus_dsa
Created directory ‘/home/appffus/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/appffus/.ssh/appffus_ffus_dsa.
Your public key has been saved in /home/appffus/.ssh/appffus_ffus_dsa.pub.
The key fingerprint is:
98:bc:68:49:7b:e2:05:5d:f9:ed:09:35:5d:4e:d3:ea appffus@ffus
$ cd .ssh
$ pwd
/home/appffus/.ssh
$ ls -lrt
total 4
-rw——- 1 appffus dba 668 Sep 21 14:38 appffus_ffus_dsa
-rw-r–r– 1 appffus dba 604 Sep 21 14:38 appffus_ffus_dsa.pub
$ cat appffus_ffus_dsa.pub >>authorized_keys2
$ ls -lrt
total 6
-rw——- 1 appffus dba 668 Sep 21 14:38 appffus_ffus_dsa
-rw-r–r– 1 appffus dba 604 Sep 21 14:38 appffus_ffus_dsa.pub
-rw-r–r– 1 appffus dba 604 Sep 21 14:38 authorized_keys2
$
 

Now you should already be able to make a secure connection to your own machine, using this account, without having to provide a password.

Check permissions on your keys and refer to the man page. The id_dsa file should be private, the other keys world readable.

On the remote server, generate keys in the same way for your account on that server.
Copy your public key into ~/.ssh/ on the remote server.
root@ffus # hostname
iffus
root@ffus # id
uid=0(root) gid=0(root)
root@ffus #
root@ffus # cp /home/appffus/.ssh/appffus_ffus_dsa.pub .
root@ffus # cp /home/oraffus/.ssh/oraffus_ffus_dsa.pub .
root@ffus # ls -lrt
total 18
-rw——- 1 root root 668 Sep 19 14:18 id_dsa
-rw-r–r– 1 root root 600 Sep 19 14:18 root_ffus_dsa.pub
-rw-r–r– 1 root root 1808 Sep 19 15:21 authorized_keys2
-rw-r–r– 1 root root 670 Sep 21 11:42 known_hosts
-rw-r–r– 1 root root 604 Sep 21 14:43 appffus_ffus_dsa.pub
-rw-r–r– 1 root root 604 Sep 21 14:44 oraffus_ffus_dsa.pub
root@ffus #
Do the same thing for the remote key; copy it into your local ~/.ssh directory:

root@ffus # scp root_ffus_dsa.pub oraffus@ffus:/home/oraffus/.ssh
Password:
root_ffus_dsa.pub 100% |***************************************************| 600 00:00
root@ffus # scp root_ffus_dsa.pub appffus@ffus:/home/appffus/.ssh
Password:
root_ffus_dsa.pub 100% |***************************************************| 600 00:00
root@ffus #
On both servers, append the key from the other server to the file authorized_keys2:
root@ffus # cat appffus_ffus_dsa.pub >>authorized_keys2
root@ffus # cat oraffus_ffus_dsa.pub >>authorized_keys2
root@ffus # ls -lrt
total 20
-rw——- 1 root root 668 Sep 19 14:18 id_dsa
-rw-r–r– 1 root root 600 Sep 19 14:18 root_ffus_dsa.pub
-rw-r–r– 1 root root 670 Sep 21 11:42 known_hosts
-rw-r–r– 1 root root 604 Sep 21 14:43 appffus_ffus_dsa.pub
-rw-r–r– 1 root root 604 Sep 21 14:44 oraffus_ffus_dsa.pub
-rw-r–r– 1 root root 3016 Sep 21 14:53 authorized_keys2

$ cat root_ffus_dsa.pub >>authorized_keys2
$ ls -lrt
total 12
-rw——- 1 oraffus dba 668 Sep 21 14:34 oraffus_ffus_dsa
-rw-r–r– 1 oraffus dba 604 Sep 21 14:34 oraffus_ffus_dsa.pub
-rw-r–r– 1 oraffus dba 450 Sep 21 14:48 known_hosts
-rw-r–r– 1 oraffus dba 600 Sep 21 14:51 root_ffus_dsa.pub
-rw-r–r– 1 oraffus dba 1204 Sep 21 14:54 authorized_keys2
$

$ ls -lrt
total 10
-rw——- 1 appffus dba 668 Sep 21 14:38 appffus_ffus_dsa
-rw-r–r– 1 appffus dba 604 Sep 21 14:38 appffus_ffus_dsa.pub
-rw-r–r– 1 appffus dba 600 Sep 21 14:51 root_ffus_dsa.pub
-rw-r–r– 1 appffus dba 1204 Sep 21 14:54 authorized_keys2
$
Try to connect to the remote server now:
root@ffus # ssh oraffus@ffus “ls -la”
total 46
drwxr-xr-x 6 oraffus dba 512 Sep 19 11:56 .
drwxr-xr-x 4 root root 512 Jul 3 10:03 ..
-rw——- 1 oraffus dba 42 Sep 15 11:04 .bash_history
-rw-r–r– 1 oraffus dba 56 Aug 4 16:24 .profile
-rw——- 1 oraffus dba 8748 Sep 21 14:54 .sh_history
drwx—— 2 oraffus dba 512 Sep 21 14:51 .ssh
drwx—— 3 oraffus dba 512 Aug 29 16:43 .sunw
-rw-r–r– 1 oraffus dba 66 Aug 11 12:33 afiedt.buf
-rw-r–r– 1 oraffus dba 42 Jul 31 15:09 ffus.ffpl
-rwxr-xr-x 1 oraffus dba 1060 Sep 21 13:55 startDB_FFUS
-rwxr-xr-x 1 oraffus dba 1310 Sep 21 13:56 stopDB_FFUS
drwxr-xr-x 2 oraffus dba 512 Jul 31 15:09 testbkp
drwxr-xr-x 2 oraffus dba 512 Sep 19 11:57 work
root@ffus #

root@ffus # ssh appffus@ffus “ls -la”
total 1216
drwxr-xr-x 4 appffus dba 512 Sep 21 14:38 .
drwxr-xr-x 4 root root 512 Jul 3 10:03 ..
-rw——- 1 appffus dba 72 Sep 15 11:11 .bash_history
-rw-r–r– 1 appffus dba 99 Sep 21 09:51 .profile
-rw——- 1 appffus dba 83418 Sep 21 10:10 .sh_history
-rw-r–r– 1 appffus dba 570 Jul 17 13:47 t1
-rw-r–r– 1 appffus dba 465 Aug 23 14:47 t2
drwxr-xr-x 2 appffus dba 512 Jul 7 13:01 work
root@ffus #

.
Server1: ukdba.com
Server2: inddba.com
root@ukdba.com # hostname
ukdba.com
root@ukdba.com # id
uid=0(root) gid=0(root)
root@ukdba.com # pwd
/
root@ukdba.com # ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa): //.ssh/root_ukdba.com_dsa
Created directory ‘//.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/root_ukdba.com_dsa.
Your public key has been saved in //.ssh/root_ukdba.com_dsa.pub.
The key fingerprint is:
e1:95:a5:09:e0:56:24:ac:e1:51:2a:73:c9:09:c5:e2 root@ukdba.com

root@ukdba.com # cd .ssh
root@ukdba.com # ls -lrt
total 4
-rw——- 1 root root 668 Sep 21 15:51 root_ukdba.com_dsa
-rw-r–r– 1 root root 603 Sep 21 15:51 root_ukdba.com_dsa.pub
root@ukdba.com # cat root_ukdba.com_dsa.pub >>authorized_keys2
root@ukdba.com # ls -lrt
total 6
-rw——- 1 root root 668 Sep 21 15:51 root_ukdba.com_dsa
-rw-r–r– 1 root root 603 Sep 21 15:51 root_ukdba.com_dsa.pub
-rw-r–r– 1 root root 603 Sep 21 15:52 authorized_keys2


root@inddba.com # hostname

inddba.com
root@inddba.com # id
uid=0(root) gid=0(root)
root@inddba.com # pwd
/
root@inddba.com # ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa): //.ssh/root_inddba.com_dsa
Created directory ‘//.ssh’.Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/root_inddba.com_dsa.
Your public key has been saved in //.ssh/root_inddba.com_dsa.pub.
The key fingerprint is:
62:39:aa:8b:04:c6:81:36:15:08:99:75:5e:26:04:86 root@inddba.com
root@inddba.com # ls -lrt
total 4
root@inddba.com # ls -lrt
total 6
-rw——- 1 root root 668 Sep 21 15:55 root_inddba.com_dsa
-rw-r–r– 1 root root 603 Sep 21 15:55 root_inddba.com_dsa.pub
-rw-r–r– 1 root root 603 Sep 21 15:56 authorized_keys2
root@inddba.com #
$ hostname
ukdba.com
$ id
uid=102(oaprod) gid=100(dba)
$ pwd
/home/oaprod
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oaprod/.ssh/id_dsa): /home/oaprod/.ssh/oaprod_ukdba.com_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oaprod/.ssh/oaprod_ukdba.com_dsa.
Your public key has been saved in /home/oaprod/.ssh/oaprod_ukdba.com_dsa.pub.
The key fingerprint is:
26:d5:11:3b:92:eb:fb:3d:20:f0:ab:54:db:d1:f1:13 oaprod@ukdba.com
$ cd .ssh
$ pwd
/home/oaprod/.ssh
$ ls -lrt
total 6
-rw-r–r– 1 oaprod dba 228 Sep 19 09:32 known_hosts
-rw——- 1 oaprod dba 668 Sep 21 15:57 oaprod_ukdba.com_dsa
-rw-r–r– 1 oaprod dba 606 Sep 21 15:57 oaprod_ukdba.com_dsa.pub
$ cat oaprod_ukdba.com_dsa.pub >>authorized_keys2
$ ls -lrt
total 8
-rw-r–r– 1 oaprod dba 228 Sep 19 09:32 known_hosts
-rw——- 1 oaprod dba 668 Sep 21 15:57 oaprod_ukdba.com_dsa
-rw-r–r– 1 oaprod dba 606 Sep 21 15:57 oaprod_ukdba.com_dsa.pub
-rw-r–r– 1 oaprod dba 606 Sep 21 15:58 authorized_keys2
$ hostname
inddba.com
$ id
uid=101(oaospxy) gid=100(dba)
$ pwd
/home/oaospxy
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oaospxy/.ssh/id_dsa): /home/oaospxy/.ssh/oaospxy_inddba.com_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oaospxy/.ssh/oaospxy_inddba.com_dsa.
Your public key has been saved in /home/oaospxy/.ssh/oaospxy_inddba.com_dsa.pub.
The key fingerprint is:
f1:4f:15:b4:6c:f1:c9:e9:31:79:37:ad:6e:09:71:0a oaospxy@inddba.com
$ cd .ssh
$ pwd
/home/oaospxy/.ssh
$ ls -lrt
total 6
-rw-r–r– 1 oaospxy dba 228 Sep 19 09:26 known_hosts
-rw——- 1 oaospxy dba 668 Sep 21 16:03 oaospxy_inddba.com_dsa
-rw-r–r– 1 oaospxy dba 606 Sep 21 16:03 oaospxy_inddba.com_dsa.pub
$ cat oaospxy_inddba.com_dsa.pub >>authorized_keys2
$ ls -lrt
total 8
-rw-r–r– 1 oaospxy dba 228 Sep 19 09:26 known_hosts
-rw——- 1 oaospxy dba 668 Sep 21 16:03 oaospxy_inddba.com_dsa
-rw-r–r– 1 oaospxy dba 606 Sep 21 16:03 oaospxy_inddba.com_dsa.pub
-rw-r–r– 1 oaospxy dba 606 Sep 21 16:03 authorized_keys2
$

root@ukdba.com # hostname
ukdba.com
root@ukdba.com # id
uid=0(root) gid=0(root)
root@ukdba.com # pwd
/.ssh
root@ukdba.com # ls -lrt
total 8
-rw——- 1 root root 668 Sep 21 15:51 root_ukdba.com_dsa
-rw-r–r– 1 root root 603 Sep 21 15:51 root_ukdba.com_dsa.pub
-rw-r–r– 1 root root 603 Sep 21 15:52 authorized_keys2
-rw-r–r– 1 root root 231 Sep 21 16:07 known_hosts
root@ukdba.com # scp oaospxy@inddba.com:/apphome/oaospxy/.ssh/oaospxy_inddba.com_dsa.pub .
The authenticity of host ‘inddba.com (192.9.100.10)’ can’t be established.
RSA key fingerprint is 12:b0:35:37:07:2d:b3:f2:f7:80:1f:24:f5:f1:03:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘inddba.com,192.9.100.10’ (RSA) to the list of known hosts.Password:
oaospxy_inddba.com_dsa 100% |**************************************************************************| 606 00:00
root@ukdba.com #
root@ukdba.com # scp root_ukdba.com_dsa.pub oaospxy@inddba.com:/apphome/oaospxy/.ssh
Password:
root_ukdba.com_dsa.pu 100%

root@ukdba.com # cp root_ukdba.com_dsa.pub /home/oaprod/.ssh
root@ukdba.com # ls -lrt
total 14
-rw——- 1 root root 668 Sep 21 15:51 root_ukdba.com_dsa
-rw-r–r– 1 root root 603 Sep 21 15:51 root_ukdba.com_dsa.pub
-rw-r–r– 1 root root 603 Sep 21 15:52 authorized_keys2
-rw-r–r– 1 root root 462 Sep 21 16:13 known_hosts
-rw-r–r– 1 root root 606 Sep 21 16:13 oaospxy_inddba.com_dsa.pub
-rw-r–r– 1 root root 606 Sep 21 16:16 oaprod_ukdba.com_dsa.pub
root@ukdba.com # cat oaospxy_inddba.com_dsa.pub >>authorized_keys2
root@ukdba.com # cat oaprod_ukdba.com_dsa.pub >>authorized_keys2

$ hostname
ukdba.com
$ id
uid=102(oaprod) gid=100(dba)
$ pwd
/home/oaprod/.ssh
$ ls -lrt
total 10
-rw-r–r– 1 oaprod dba 228 Sep 19 09:32 known_hosts
-rw——- 1 oaprod dba 668 Sep 21 15:57 oaprod_ukdba.com_dsa
-rw-r–r– 1 oaprod dba 606 Sep 21 15:57 oaprod_ukdba.com_dsa.pub
-rw-r–r– 1 oaprod dba 606 Sep 21 15:58 authorized_keys2
-rw-r–r– 1 root root 603 Sep 21 16:17 root_ukdba.com_dsa.pub
$ cat root_ukdba.com_dsa.pub >>authorized_keys2
$ ls -lrt
total 12
-rw-r–r– 1 oaprod dba 228 Sep 19 09:32 known_hosts
-rw——- 1 oaprod dba 668 Sep 21 15:57 oaprod_ukdba.com_dsa
-rw-r–r– 1 oaprod dba 606 Sep 21 15:57 oaprod_ukdba.com_dsa.pub
-rw-r–r– 1 root root 603 Sep 21 16:17 root_ukdba.com_dsa.pub
-rw-r–r– 1 oaprod dba 1209 Sep 21 16:20 authorized_keys2
$
$ hostname
inddba.com
$ id
uid=101(oaospxy) gid=100(dba)
$ pwd
/apphome/oaospxy/.ssh
$ ls -lrt
total 10
-rw-r–r– 1 oaospxy dba 228 Sep 19 09:26 known_hosts
-rw——- 1 oaospxy dba 668 Sep 21 16:03 oaospxy_inddba.com_dsa
-rw-r–r– 1 oaospxy dba 606 Sep 21 16:03 oaospxy_inddba.com_dsa.pub
-rw-r–r– 1 oaospxy dba 606 Sep 21 16:03 authorized_keys2
-rw-r–r– 1 oaospxy dba 603 Sep 21 16:24 root_ukdba.com_dsa.pub
$ cat root_ukdba.com_dsa.pub >>authorized_keys2
$ ls -lrt
total 12
-rw-r–r– 1 oaospxy dba 228 Sep 19 09:26 known_hosts
-rw——- 1 oaospxy dba 668 Sep 21 16:03 oaospxy_inddba.com_dsa
-rw-r–r– 1 oaospxy dba 606 Sep 21 16:03 oaospxy_inddba.com_dsa.pub
-rw-r–r– 1 oaospxy dba 603 Sep 21 16:24 root_ukdba.com_dsa.pub
-rw-r–r– 1 oaospxy dba 1209 Sep 21 16:26 authorized_keys2
$

About the Author Rajat

I am Rajat Dey and I have more than decade of Oracle experience from all major regions throughout the globe. I am well versed in most facets of Oracle, supporting database, fusion middleware and the eBusiness suite across many operating system platforms.Currently I am located in Sydney  Oracle Financials 11i and Release 12,12.2  Oracle RDBMS 7x,8i , 9i,10g and 11g  Amazon cloud .  Oracle RAC 10g and 11g  Oracle Applications Server  Oracle Web logic Server  OBIEE  Hyperion  SSO  Oracle Portal  PL/SQL  UNIX  SQL  MS-SQL 2008.  OEM 12c .  Data Guard .  Essbase .  Database backup and recovery.  Performance Tunning.  TimeSten

Leave a Comment:

4 comments
Add Your Reply