Passwordless SSH into Solaris machines

textex

Dabbler
Joined
Aug 7, 2021
Messages
10
I'm new to TrueNas, and I'm trying to set up a bash replication script that transfers data to remote machines via ssh. The remote machines are not running TrueNas (they are Solaris based).

I've tried following as guides:


I get the public SSH key to the client machine, but I can't get TrueNas to operate without asking for a PW.

Do folks have a "How to" site for passwordless ssh to TrueNas?

Thanks
 

kherr

Explorer
Joined
May 19, 2020
Messages
67
I tried endlessly to do the same with a Qnap. I found you basically have to be a "code monkey" to insert stuff into config files on the target and a password file on the TN. I gave up and am "lighting up" a backup TrueNas target in the next week after fighting it for a year.

Good Luck, but there are ways ......
 

textex

Dabbler
Joined
Aug 7, 2021
Messages
10
Yes, I could go the TN route, but I have 10 years of Solaris confidence, and I'm new to TN.

If TN is as solid as Solaris, I'll convert all the servers. I was hoping to keep a couple of machines Solaris until I was more confident with TN.

Hopefully there's someone who knows how to do cli passwordless login out there...
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
I'm new to TrueNas, and I'm trying to set up a bash replication script that transfers data to remote machines via ssh. The remote machines are not running TrueNas (they are Solaris based).

I've tried following as guides:


I get the public SSH key to the client machine, but I can't get TrueNas to operate without asking for a PW.

Do folks have a "How to" site for passwordless ssh to TrueNas?

Thanks
Let me understand what direction you want to go with your private key login setup:

Do you want to login from Solaris to TrueNAS?
Or from TrueNAS to the Solaris?
Or both ways?
 

rvassar

Guru
Joined
May 2, 2018
Messages
972
If your environment requires the ssh keys be password protected, you need an ssh-agent and pass the appropriate environment to the script. Otherwise, you need to pay close attention to file permissions. OpenSSH is going to be quite picky here. The ~/.ssh/authorized_keys file must be mode 0600. You can troubleshoot manually by adding the "-v" option. More v's give more debug info up to "-vvv".

FWIW - I'm ex-Sun. TrueNAS is built on FreeBSD, which is very very good. It's not quite Solaris in terms of stability, but it's quite respectable. You'll have to pay close attention to your application stack, domains vs jails, dtrace, pthreads vs solaris threads, supported JVM's, etc...
 

textex

Dabbler
Joined
Aug 7, 2021
Messages
10
I'm trying to run a bash script on TN to send data to Solaris machines. The TN machine keeps getting prompts for a PW, even if I follow the guides in the first post, I can't seem to get PWless logins for the TN machine.

I guess I'm asking for a "how to" on passwordless ssh from TN machines to other machines (non-TN).
 

Stux

MVP
Joined
Jun 2, 2016
Messages
4,419
I'm trying to run a bash script on TN to send data to Solaris machines. The TN machine keeps getting prompts for a PW, even if I follow the guides in the first post, I can't seem to get PWless logins for the TN machine.

I guess I'm asking for a "how to" on passwordless ssh from TN machines to other machines (non-TN).

If you look in the manual for setting up rsync tasks to non-TrueNAS machines, it contains instructions for setting up passwordless ssh.

This worked for me.
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
I'm trying to run a bash script on TN to send data to Solaris machines. The TN machine keeps getting prompts for a PW, even if I follow the guides in the first post, I can't seem to get PWless logins for the TN machine.

I guess I'm asking for a "how to" on passwordless ssh from TN machines to other machines (non-TN).
The guide you linked above covers all the basics. The gist of it is that you want to paste your TrueNAS user's public key -- often named id_rsa.pub -- into the authorized_keys file on the Solaris machine.

If you're working with the root account on your TrueNAS system, the public key will be in /root/.ssh, for other users it will be in their home directory -- often something like /home/spearfoot/.ssh. Regardless of user, ~/.ssh will get you there.

Same thing on the Solaris side, except there you want to create or append the TrueNAS public key into the authorized_keys file in the SSH directory (~/.ssh). And the file needs to have 0600 permissions, like this:
Code:
root@bacon:~/.ssh # ll
total 9
-rw-------  1 root  wheel  3042 Sep  5  2020 authorized_keys
-rw-------  1 root  wheel  1679 Aug 15  2020 id_rsa
-rw-r--r--  1 root  wheel   406 Sep  5  2020 id_rsa.pub
-rw-r--r--  1 root  wheel  1327 Sep  5  2020 known_hosts
root@bacon:~/.ssh # pwd -P
/root/.ssh
root@bacon:~/.ssh #

The guide's author gives a couple of examples of how to upload the public key, and either should work. You can also use something like WinSCP if you have a Windows workstation attached to both servers.
 

textex

Dabbler
Joined
Aug 7, 2021
Messages
10
@Stux - I tried that section and was still prompted for a PW. That's why I was hoping someone had tried a Solaris client with success.

@Spearfoot - I must be missing something. My steps:
  1. ssh-keygen -t rsa
  2. scp ~/.ssh/id_rsa.pub clientip:.ssh/authorized_keys2
  3. added the key to known-hosts
  4. and I still get the PW prompt.
I'm guessing I have an issue with known_hosts, vs known_hosts2 or authorized_keys vs authorized_keys2. I've done this on dozens of machines before TrueNas without issue. I cannot get it to work with TrueNas for some reason.

I feel like a step by step where someone has had success would be helpful, if one exists.
 

Spearfoot

He of the long foot
Moderator
Joined
May 13, 2015
Messages
2,478
@Stux - I tried that section and was still prompted for a PW. That's why I was hoping someone had tried a Solaris client with success.

@Spearfoot - I must be missing something. My steps:
  1. ssh-keygen -t rsa
  2. scp ~/.ssh/id_rsa.pub clientip:.ssh/authorized_keys2
  3. added the key to known-hosts
  4. and I still get the PW prompt.
I'm guessing I have an issue with known_hosts, vs known_hosts2 or authorized_keys vs authorized_keys2. I've done this on dozens of machines before TrueNas without issue. I cannot get it to work with TrueNas for some reason.

I feel like a step by step where someone has had success would be helpful, if one exists.
I've never worked on Solaris, but I have worked on Red Hat, CentOS, Ubuntu, Debian, FreeNAS/TrueNAS, etc. Setting up SSH is very similar on all of them.

Why are you adding the public key to authorized_keys2? Shouldn't the filename be authorized_keys instead?

Is your scp copying the file to the intended location? Log on to the Solaris box and check to see whether your public key is getting added to /root/.ssh/authorized_keys. If it's not, try something else (WinSCP, etc.) One alternative would be to just copy the public key to an alternative location on the Solaris machine and then use vi to manually add it to /root/.ssh/authorized_keys. There's always more than one way to skin a cat!

You shouldn't have to tinker with known_hosts -- that contains host keys, not your public key, and most SSH systems will create an entry for you the first time you log on to a remote system. You have logged on to the TrueNAS box from the Solaris machine, right? And vice versa? Didn't your SSH client ask if you wanted to add a host key for the systems, the first time you logged on?

The guide also mentions some troubleshooting tips; checking for PubkeyAuthentication and/or RSAAuthentication being set to 'NO' in the daemon configuration file: /etc/ssh/sshd_config. Did you dig into that stuff?

Did you restart the SSH daemon on the Solaris box after tinkering with the settings?

This is straightforward SSH setup, nothing to do with TrueNAS/FreeNAS in particular, AFAICT.
 

textex

Dabbler
Joined
Aug 7, 2021
Messages
10
I melded your advice and one of the sites I listed and got it to work.

Now I'll play around and try to figure out what the key missing ingredient was - I tried so many things, I'm not sure what did the trick.

Thanks for the help, it's just in time for my evening backup.
 

bisi

Cadet
Joined
Oct 14, 2011
Messages
7
  1. ssh-keygen -t rsa
  2. scp ~/.ssh/id_rsa.pub clientip:.ssh/authorized_keys2
  3. added the key to known-hosts
  4. and I still get the PW prompt.

I realize this is over a year old, but this little tidbit from /etc/ssh/sshd_config on my new TrueNAS 13 box (was troubleshooting a different SSH issue), might explain the problem:

Code:
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile    .ssh/authorized_keys
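
The checks raised in this thread (the 0600 mode on authorized_keys, PubkeyAuthentication, and the AuthorizedKeysFile override quoted in the last post) can be run in one pass on the machine being logged in to. This is an added example, not part of any post; it assumes the receiving machine runs OpenSSH, and the function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the machine you are logging IN to.

# First active (uncommented) value of an sshd_config keyword; sshd uses the first.
sshd_value() {  # $1 = keyword, $2 = config file
    awk -v key="$1" 'tolower($1) == tolower(key) {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}

# Prints findings; returns the number of problems.
# Simplification: only the basename of each AuthorizedKeysFile entry is used,
# resolved inside the given directory.
check_pubkey_setup() {  # $1 = ~/.ssh of the target account, $2 = sshd_config
    dir=$1; conf=$2; problems=0; found=0
    if [ "$(sshd_value PubkeyAuthentication "$conf" | tr 'A-Z' 'a-z')" = no ]; then
        echo "PROBLEM: PubkeyAuthentication is disabled in $conf"
        problems=$((problems + 1))
    fi
    # With no active AuthorizedKeysFile line, OpenSSH's built-in default applies.
    files=$(sshd_value AuthorizedKeysFile "$conf")
    files=${files:-.ssh/authorized_keys .ssh/authorized_keys2}
    for rel in $files; do
        f="$dir/${rel##*/}"
        [ -f "$f" ] || continue
        found=1
        mode=$(ls -ld "$f" | cut -c1-10)
        if [ "$mode" != "-rw-------" ]; then
            echo "PROBLEM: $f is $mode, expected -rw------- (0600)"
            problems=$((problems + 1))
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "PROBLEM: sshd reads only [$files]; none of these exist in $dir"
        problems=$((problems + 1))
        if [ -f "$dir/authorized_keys2" ]; then
            echo "HINT: authorized_keys2 exists but this sshd_config ignores it"
        fi
    fi
    return "$problems"
}

# Constructed fixture reproducing the thread: key copied to authorized_keys2,
# config as quoted in the last post.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
echo "ssh-rsa CONSTRUCTED-SAMPLE-KEY root@truenas" > "$demo/.ssh/authorized_keys2"
printf '%s\n' '#PubkeyAuthentication yes' \
    'AuthorizedKeysFile    .ssh/authorized_keys' > "$demo/sshd_config"
check_pubkey_setup "$demo/.ssh" "$demo/sshd_config" || echo "problems found: $?"
rm -rf "$demo"
```

On a real system the call would be `check_pubkey_setup ~/.ssh /etc/ssh/sshd_config`, run as the account that receives the login.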
 