Linux SSH Authentication

Currently my tasks failed . Is it possible to make that as pending to re do task. Get confused due to recent expired tasks

These expired/failed tasks will be be assigned to you sometime in future as you will be getting repetitive tasks sometime so you can definitely give it an another chance then.

1 Like

@mmumshad could you please give me another chance on this, as I understood the task the same way as the other colleagues? As shown in the screenshot, I used the user thor that existed on the app servers.
Thanks!

This task will be assign you in future so be ready for upcoming tasks.

Solution For This
for appst01
ssh-keygen -t rsa
ssh [email protected] mkdir -p .ssh
cat /home/thor/.ssh/id_rsa.pub | ssh [email protected] ‘cat >> .ssh/authorized_keys’
ssh [email protected] “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”
ssh [email protected]
exit

for appst02
ssh [email protected] mkdir -p .ssh
cat /home/thor/.ssh/id_rsa.pub | ssh [email protected] ‘cat >> .ssh/authorized_keys’
ssh [email protected] “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”
ssh [email protected]
exit

for appst01
ssh [email protected] mkdir -p .ssh
cat /home/thor/.ssh/id_rsa.pub | ssh [email protected] ‘cat >> .ssh/authorized_keys’
ssh [email protected] “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”
ssh [email protected]
exit

1 Like

The task says “Set up a password-less authentication for user thor on jump host to all app servers through their respective sudo users”

but it is verified against the other users.
"We tried ‘ssh tony@stapp01’ from user ‘thor’ on jump host but it didn’t work

Even I failed the task because I made work only for thor user.

@mihsan Question says thor on jump host to all app servers through their respective sudo users for example tony for app server 1. So if task is about to setup SSH between jump host and app server 1, it should be from user thor (on jump host) to user tony on app server 1.

Reference or one of the approach to this question - Linux SSH Authentication ( Passwordless SSH ) can be as follows -

  1. Login to all the app servers and create authorized_keys file in specific users .ssh home directory as shown below -
    touch ~/.ssh/authorized_keys
  2. Change the permission of file to 600
  3. Now on jump_host generate the keys using command - ssh-keygen -t rsa
    Note - Just press enter for every question asked.
  4. Finally scp the ~/.ssh/id_rsa.pub from jump_host to all the app servers as shown below using respective passwords.
    Example - scp ~/.ssh/id_rsa.pub tony@stapp01:/home/tony/.ssh/authorized_keys

With above steps , you will be able to set the passwordless ssh from jump_host server for user thor to all the stapp server respective users.

1 Like

I was able to complete this task, but I agree with you … this questions is not so clear.
This is not the only ambiguous question I saw … Think the program admins should formulate clear questions.

Hello, @anauecuri
In the task, they mentioned about passwordless SSH access to all app servers through their respective sudo users. I believe all app server sudo user is tony, steve and banner. What is the confusion part?

Yes. I believe the question is very clear. There are scripts on Jumphost and you want to run those scripts on the app servers without logging to the servers with password always. SO you have to enable passworldless SSH access from jumpost to the app servers. Solution is to generate public key in jumphost and copy the key to all the servers by using
ssh-copy-id username_of_the_app_server@app_server_name(ie.,stapp01/stapp02/stapp03).
And verify it by ssh <<username_of_the_app_server>>@<<app_server_name>>. It shouldnt ask for password now.

This is a small thing but since I see other comments also on this so thought of writing this.

The question says Set up a password-less authentication for user thor on jump host to all app servers through their respective sudo users
This has two valid part (assuming no other back ground information is given) and mean differently.

  1. Set up a password-less authentication for user thor on jump host to all app servers.
  2. Set up a password-less authentication to all app servers through their respective sudo users.

    This confusion comes because you use the wording for user thor

    What I thought is, use from user thor or just mention from jump host instead of **for user thor ** which will eliminate the ambiguity.

Hi @mihsan Thanks for your feedback, we have updated the question.

@Inderpreet Thank you very much for your consideration.

For Tutorial/Solution - This content is made for sole reason to help the community

You guys make me feel dumb. Your questions are terribly worded. It should say make sure all users have password less authentication, for example the stapp01 user should be able to login. I think I will start searching the forums first as I read it where Thor should be able to login first. So if you fixed the question, I did not see it.