Linux SSH Authentication

@labheshp add thor’s key (from jump host) to respective sudo users of apps. (for example tony for app server 1)

@Inderpreet

Please advise what was incorrect in my case or missing steps

@Inderpreet
SSH_Passwordless1

@Inderpreet I have made the same mistake: I created the user thor as the passwordless authentication user and my task failed.
Request you to please update the task scenario with clear instructions so that it will be easy for us to give it a try and accomplish the task.
I have done all the things right but still my task fails.

@Ali

Your ssh commands, for example sudo ssh [email protected], are actually making the ssh connection as user root from the jump host, since you used sudo. You should have tried without sudo so that you could test whether user thor is able to ssh without any password.

@Inderpreet

You're right, I used /root/.ssh config … rather than using ~/.ssh/id…

The ~/.ssh would be local to the user you are logged in as and want to install the keys on banner@IP


Not sure why this task is marked as failed. I tested passwordless SSH and Sudo to all App Servers without password, and they all work perfectly.

Going by the question, user thor is required to have passwordless SSH to all app Servers. Please advise

We have to make it a passwordless authentication to the sudo users of the app servers, like tony for app server 1, steve for app server 2 and so on. Not a thor user of app server 1. Hope you got my point.

Thanks, I got the point, however, it wasn’t very clear as to whether the Passwordless SSH is required for thor or the respective user.

@mmumshad , can I have this task reset, so that I can redo it. I set up passwordless SSH for thor instead of the respective users for the app servers.

Thanks

Currently my tasks failed. Is it possible to make that pending so I can redo the task? I got confused due to recent expired tasks.

These expired/failed tasks will be assigned to you sometime in future, as you will be getting repetitive tasks sometime, so you can definitely give it another chance then.

1 Like

@mmumshad could you please give me another chance on this, as I understood the task the same way as the other colleagues? As shown in the screenshot, I used the user thor that existed on the app servers.
Thanks!

This task will be assigned to you in future, so be ready for upcoming tasks.

Solution For This
for appst01
ssh-keygen -t rsa
ssh [email protected] mkdir -p .ssh
cat /home/thor/.ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
ssh [email protected] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh [email protected]
exit

for appst02
ssh [email protected] mkdir -p .ssh
cat /home/thor/.ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
ssh [email protected] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh [email protected]
exit

for appst01
ssh [email protected] mkdir -p .ssh
cat /home/thor/.ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
ssh [email protected] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh [email protected]
exit

1 Like

The task says “Set up a password-less authentication for user thor on jump host to all app servers through their respective sudo users”

but it is verified against the other users.
"We tried ‘ssh tony@stapp01’ from user ‘thor’ on jump host but it didn’t work"

Even I failed the task because I made it work only for the thor user.

@mihsan The question says thor on jump host to all app servers through their respective sudo users, for example tony for app server 1. So if the task is to set up SSH between jump host and app server 1, it should be from user thor (on jump host) to user tony on app server 1.

A reference, or one of the approaches, to this question - Linux SSH Authentication (Passwordless SSH) - can be as follows:

  1. Log in to all the app servers and create the authorized_keys file in the specific user's .ssh home directory as shown below -
    touch ~/.ssh/authorized_keys
  2. Change the permission of file to 600
  3. Now on jump_host generate the keys using command - ssh-keygen -t rsa
    Note - Just press enter for every question asked.
  4. Finally scp the ~/.ssh/id_rsa.pub from jump_host to all the app servers as shown below using respective passwords.
    Example - scp ~/.ssh/id_rsa.pub tony@stapp01:/home/tony/.ssh/authorized_keys

With the above steps, you will be able to set up passwordless ssh from the jump_host server for user thor to the respective users on all the stapp servers.

1 Like

I was able to complete this task, but I agree with you … this question is not so clear.
This is not the only ambiguous question I saw … Think the program admins should formulate clear questions.

Hello, @anauecuri
In the task, they mentioned passwordless SSH access to all app servers through their respective sudo users. I believe the app server sudo users are tony, steve and banner. What is the confusing part?

Yes. I believe the question is very clear. There are scripts on the jump host and you want to run those scripts on the app servers without always logging in to the servers with a password. So you have to enable passwordless SSH access from the jump host to the app servers. The solution is to generate a public key on the jump host and copy the key to all the servers by using
ssh-copy-id username_of_the_app_server@app_server_name (i.e., stapp01/stapp02/stapp03).
And verify it by ssh <<username_of_the_app_server>>@<<app_server_name>>. It shouldn't ask for a password now.
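
An added example, not written by anyone in this thread. It covers two points from the posts above: installing thor's public key by appending it rather than overwriting authorized_keys (as the scp step would), and verifying as thor without sudo in a way that cannot fall back to a password prompt. The function names are hypothetical and the banner@stapp03 pairing is assumed from the users and hosts named in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not a standard tool.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key to HOME_DIR/.ssh/authorized_keys only if it is not already
# present, keeps existing entries, and sets modes that sshd's StrictModes
# check accepts. On an app server HOME_DIR would be e.g. /home/tony.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    [ -s "$pubkey_file" ] || { echo "no public key at $pubkey_file" >&2; return 1; }
    key=$(head -n 1 "$pubkey_file")

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: an identical entry is left alone.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    # If the last existing entry has no trailing newline, add one so the
    # new key does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# check_passwordless USER@HOST
# Run as thor on the jump host, without sudo (sudo would test root's keys).
# BatchMode makes ssh fail instead of prompting, so exit status 0 means
# key authentication worked.
check_passwordless() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 "$1" true
}

# On the jump host (banner@stapp03 is an assumed pairing):
# for target in tony@stapp01 steve@stapp02 banner@stapp03; do
#     check_passwordless "$target" && echo "ok   $target" || echo "FAIL $target"
# done
```
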