CLI Cookbook: Setting Up SSH Key Authentication for UNIX Environment Users
Reference / Command Line Interface Guide / CLI Cookbook: Common Workflows, Tasks, and Examples / CLI Cookbook: Authentication and Users / CLI Cookbook: Setting Up SSH Key Authentication for UNIX Environment Users

This topic describes adding public key authentication for a UNIX environment user, thus allowing the Delphix server to connect to your UNIX Environments without an explicit password. This method uses the Delphix CLI in order to set up the environment user and gather SSH public keys. It is also possible to perform these actions in the Delphix Management application by navigating to ManageEnvironments and selecting Public Key as the Login Type for the environment. For details, see Managing Environments.

UNIX host environments (and Oracle cluster environments) can have users configured to use SSH-key based public key authentication instead of the traditional password authentication method. Within Delphix, there is a per-system SSH public key that can be placed into the ~/.ssh/authorized_keys file of the remote user. Once this has been done, the Delphix environment user can be configured to use the private key instead of an explicit password.

Prerequisites

  • You must be able to log into the remote host (or all hosts of an Oracle cluster) and have write access to the ~/.ssh/authorized_keys file within the desired user's home directory.

Procedure

  1. Get the current system public key:

    delphix> system get sshPublicKey
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAse1M7uJX44lVPBljhnxB6MZUTx8VF6cupaVATg120lQonIqx29lP+Mwp0AWh7C983IDoYDo+AY7RXpcFP9nKksiJnGSGiK6wo9RIiqSnF1x/VXNkTt2/67RVofoiui4W5fuxD4hOIvoTr47Bg1hh9L6nhP0tnUvS/rusHFJ+ogxGHm46mwNlgUJUGmLTNao+W0YU693HRLukEch01t4k6olVGaC0eLjYlgBf0Z5XiIcBX6ZWqVHAhwMinVjAvmfQhirAgCI7gYrd5/PwNl/DC8xyhWuxd2jgA7sSPeRqWY0JHt/xcmdpIaPxTwtxQLKTnPxrFrQd+l4uf6LKxr5g7w== root@delphix
  2. Add this key (starting with ssh-rsa) to the remote user's ~/.ssh/authorized_keys file. You will need to get access to this file using an alternate authentication mechanism (such as logging in as the user with a password, or logging in as an administrator). Depending on the target OS, you may need to do the following:

    1. If the directory does not exist:

      $ mkdir ~/.ssh

    2. If creating the file or directory as an administrator:

      # chown -R <username> <home>/.ssh

    3. If required by the host SSH configuration, ensure the directory is not world readable:

      $ chmod 600 ~/.ssh/authorized_keys
$ chmod 755 ~ 

  3. Create a new environment user:

    delphix> environment user create

  4. Set the user environment and name:

    delphix environment user create *> set environment=environment1
delphix environment user create *> set name=username 

  5. Set the user credential type to SystemKeyCredential:

    delphix environment user create *> set credential.type=SystemKeyCredential

  6. Commit the results:

    delphix environment user create *> commit

Related Links