Enable pem key based ssh linux

On the remote machine (the machine you want to SSH into), execute:

ssh-keygen -t rsa
Press the <Enter> key twice: once for the public/private key file path and once for the passphrase.

If required, you can enter a passphrase.

By default, two keys will be created as follows:
$HOME/.ssh/id_rsa (private) and $HOME/.ssh/id_rsa.pub (public)

Create a pem key with the following command:
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem

Edit the /etc/ssh/sshd_config file and change it as follows:

RSAAuthentication yes

PubkeyAuthentication yes

Then restart the ssh service:
service sshd restart

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Copy the pem file to the machine from which you want to SSH into the remote machine, and restrict its permissions:
chmod 400 id_rsa.pem

Then ssh with:
ssh -i id_rsa.pem <remote m/c IP>
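
A permission and configuration audit for the steps above, as an added example that is not part of the original post. The function names and fixture paths are hypothetical; it checks file modes and the global PubkeyAuthentication setting only, not file ownership or the contents of Match blocks.

```shell
#!/bin/sh
# Added example (not from the original post): audit the key-login setup.
# Permission bits as a 3+ digit octal string (GNU stat, BSD stat fallback).
mode_of() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") && printf '%03d\n' "$m"
}

# True if the file exists and group/others have no access at all; the ssh
# client refuses to use a private key that fails this.
owner_only() {
    [ -e "$1" ] || return 1
    case "$(mode_of "$1")" in *[1-7]00) return 0 ;; *) return 1 ;; esac
}

# True if the path exists and is not writable by group or others, which
# sshd's default StrictModes requires of ~/.ssh and authorized_keys.
not_shared_writable() {
    [ -e "$1" ] || return 1
    case "$(mode_of "$1")" in *[0145][0145]) return 0 ;; *) return 1 ;; esac
}

# Global PubkeyAuthentication value: sshd keeps the first occurrence of a
# keyword and defaults to "yes". Stops at the first Match block.
pubkey_auth_setting() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "pubkeyauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# audit_key_login SSH_DIR PRIVATE_KEY SSHD_CONFIG; returns 1 on any failure.
audit_key_login() {
    rc=0
    owner_only "$2" || { echo "FAIL: $2 is missing or accessible to group/others"; rc=1; }
    not_shared_writable "$1" || { echo "FAIL: $1 is missing or group/world-writable"; rc=1; }
    not_shared_writable "$1/authorized_keys" ||
        { echo "FAIL: $1/authorized_keys is missing or group/world-writable"; rc=1; }
    [ "$(pubkey_auth_setting "$3")" = "yes" ] ||
        { echo "FAIL: PubkeyAuthentication is not 'yes' in $3"; rc=1; }
    return $rc
}

# Constructed fixture so the script runs without touching real keys.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 600 "$demo/.ssh/authorized_keys"
: > "$demo/id_rsa.pem" && chmod 644 "$demo/id_rsa.pem"   # too open on purpose
printf '#PubkeyAuthentication no\nPubkeyAuthentication yes\n' > "$demo/sshd_config"
audit_key_login "$demo/.ssh" "$demo/id_rsa.pem" "$demo/sshd_config" || echo "audit failed"
rm -rf "$demo"
```

On a real host the call would be audit_key_login "$HOME/.ssh" id_rsa.pem /etc/ssh/sshd_config, run on whichever machine holds each file.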

ansible: Failed to validate the SSL certificate

If you get the following error:

“msg”: “Failed to validate the SSL certificate for rpm.nodesource.com:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine (the python executable used (/usr/bin/python) is version: 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]) or you can install the `urllib3`, `pyOpenSSL`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [Errno 1] _ssl.c:492: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure.”

This happens because the managed node does not have python >= 2.7.10. You can resolve it by executing:

sudo yum install pyOpenSSL -y
sudo pip install urllib3 ndg-httpsclient pyasn1