~drscream

SSH without password authentication on SmartOS

It’s highly recommended to use an ssh key for authentication as root user to the global zone. This requires a modification of the sshd_config file which is located on /usbkey/ssh.

Before modifying the configuration be sure you’ve created an ssh public private key pair via ssh-keygen. To place an authorized_keys into the home folder of the root user you need additional modifications.

  1. Place the authorized_keys that contains the ssh public key into /usbkey/config.inc directory.
  2. Modify the /usbkey/config file to readout that information and place the authorized_keys file into the root users home by booting the machine. For that the following entry is required: root_authorized_keys_file=authorized_keys

It’s a good idea to reboot the machine to be sure the ssh key authentication is working before modifying the sshd_config.

The options you need to change in the /usbkey/ssh/sshd_config file are the following:

# Disallow password authentication
PasswordAuthentication no
# Permit root login (which should be already set)
PermitRootLogin yes

On SmartOS and Solaris machines password authentication is disabled but still asking for an password. An extra option is require to disable keyboard-interactive authentication:

KbdInteractiveAuthentication no

Send your comment by mail.