Public-Key Authentication

  1. Obtain the public key of the role you want to authorize. You can do this on the ​Administration→Deployment→Deploy and Configure SSH target hosts​​ page.

  2. Authorize the public key to the target user on the target host. In OpenSSH for example, this is done by appending the public key to the authorized_keys file, typically located at ​​~/.ssh/authorized_keys​​.

    All the members of the role should now be able to connect to the target user with public-key authentication.

  3. Ensure the authorized_keys file and its parent directories have correct permissions and ownership. Running the following commands sets the file and folder permissions:

    $ chmod 0700 ~/.ssh/
    $ chmod 0644 ~/.ssh/authorized_keys
  4. Verify that login to target user works without password. If login does not work, review syslog files from the target server. Correct syslog file containing SSHD login error information varies per Linux/Unix system and syslog setup. Below are some example commands to search for SSH login error information:

    # grep sshd /var/log/messages
    # grep sshd /var/log/auth
    # grep sshd /var/log/secure