1 Reply Latest reply: Aug 26, 2014 1:52 PM by Brent Gardner RSS

    Passwordless cert-based SSH login?

    Brent Gardner Newbie

      I'm trying to enable passwordless cert-based SSH login on our CS220.

       

      My personal workstation runs CentOS 6.  So far I've followed guidance in https://connect.nimblestorage.com/message/1876#1876

       

      When I log in, the Nimble still prompts for a password.

       

      What should I be looking at for troubleshooting?  Can't seem to find any logs except what's in the web interface, and that only lists events related to storage.

        • Re: Passwordless cert-based SSH login?
          Brent Gardner Newbie

          After some research, found the problem.

           

          The rfenton's howto referenced above says to cat the client-side id_rsa.pub and copy the contents to the clipboard, then paste the contents into this command on the Nimble:

           

              sshkey --add richkey --type rsa --key <key contents>

           

           

          On my CentOS 6 workstation, when I cat my id_rsa.pub file I get something like this:

           

              ssh-rsa <a bunch of encrypted text> <username>@<my workstation hostname>

           

           

          I tried using this output verbatim in the sshkey command and couldn't log in to the Nimble passwordlessly.

           

          Troubleshooting, I used this command on the Nimble:

           

              sshkey --info richkey

           

           

          I didn't actually use 'richkey' as the name of my key, but we'll go with that for this example.

           

          The command returned this information:

           

              Name: richkey

              Type: rsa

              Key: ssh-rsa

           

           

          So it's not picking up the entire key contents.  Deleted the key then tried putting the key contents in quotes:

           

              sshkey --delete richkey

           

              sshkey --add richkey --type rsa --key "ssh-rsa <a bunch of encrypted text> <username>@<my workstation hostname>"

           

           

          Still can't log in without using a password.

           

          Deleted the key and tried again, leaving off the ssh-rsa:

           

              sshkey --add richkey --type rsa --key "<a bunch of encrypted text> <username>@<my workstation hostname>"

           

           

          This worked.  I can now log in without entering a password.  This facilitates scripting.  I'll be using this to gather data for Nagios.