This topic describes adding public key authentication for a UNIX environment user, thus allowing the Delphix server to connect to your UNIX Environments without an explicit password. This method uses the Delphix CLI in order to set up the environment user and gather SSH public keys. It is also possible to perform these actions in the Delphix Engine Admin interface by navigating to Manage > Environments and selecting Public Key as the Login Type for the environment. For details, see Managing Environments.
UNIX host environments (and Oracle cluster environments) can have users configured to use SSH-key based public key authentication instead of the traditional password authentication method. Within Delphix, there is a per-system SSH public key that can be placed into the
~/.ssh/authorized_keys file of the remote user. Once this has been done, the Delphix environment user can be configured to use the private key instead of an explicit password.
- You must be able to log into the remote host (or all hosts of an Oracle cluster) and have write access to the
~/.ssh/authorized_keysfile within the desired user's home directory.
Get the current system public key:
delphix> system get sshPublicKey ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAse1M7uJX44lVPBljhnxB6MZUTx8VF6cupaVATg120lQonIqx29lP+Mwp0AWh7C983IDoYDo+AY7RXpcFP9nKksiJnGSGiK6wo9RIiqSnF1x/VXNkTt2/67RVofoiui4W5fuxD4hOIvoTr47Bg1hh9L6nhP0tnUvS/rusHFJ+ogxGHm46mwNlgUJUGmLTNao+W0YU693HRLukEch01t4k6olVGaC0eLjYlgBf0Z5XiIcBX6ZWqVHAhwMinVjAvmfQhirAgCI7gYrd5/PwNl/DC8xyhWuxd2jgA7sSPeRqWY0JHt/xcmdpIaPxTwtxQLKTnPxrFrQd+l4uf6LKxr5g7w== root@delphix
- Add this key (starting with
ssh-rsa) to the remote user's
~/.ssh/authorized_keysfile. You will need to get access to this file using an alternate authentication mechanism (such as logging in as the user with a password, or logging in as an administrator). Depending on the target OS, you may need to do the following:
If the directory does not exist:
$ mkdir ~/.ssh
If creating the file or directory as an administrator:
# chown -R <username> <home>/.ssh
If required by the host SSH configuration, ensure the directory is not world readable:
$ chmod 600 ~/.ssh/authorized_keys $ chmod 755 ~
Create a new environment user:
delphix> environment user create
Set the user environment and name:
delphix environment user create *> set environment=environment1 delphix environment user create *> set name=username
Set the user credential type to
delphix environment user create *> set credential.type=SystemKeyCredential
Commit the results:
delphix environment user create *> commit