@tanhueco
Last active November 2, 2019 18:26
Set Persistent Private Key in SmartOS
The objective is to gain password-less access from one SmartOS server to another using SSH key pairs, for server management
between 2 SmartOS servers, e.g. backups.
1. Install nano; it is less error-prone. External editors such as Notepad++ used through either WinSCP or Xshell cause "cannot find file"
issues. You can also edit from the console if you prefer that over nano.
# pkgin in -y nano
2. After creating a key pair, copy the private key to the /root/.ssh/ directory and name it id_rsa.
3. Restart ssh:
# svcadm restart ssh
4. Log in to the remote server and type "yes" to acknowledge the entry. A known_hosts file will be created in the /root/.ssh/ directory:
# ssh root@1.2.3.4
5. Create the /opt/custom/etc/ directory and copy both the id_rsa and known_hosts files into it.
6. Create a manifest file in /opt/custom/smf/postboot.xml as follows:
-----------------------
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='site:postboot'>
  <service
    name='site/postboot'
    type='service'
    version='1'>
    <create_default_instance enabled='true' />
    <single_instance />
    <dependency
      name='fs-root'
      grouping='require_all'
      restart_on='none'
      type='service'>
      <service_fmri value='svc:/system/filesystem/root' />
    </dependency>
    <exec_method
      type='method'
      name='start'
      exec='/opt/custom/bin/postboot'
      timeout_seconds='0'>
    </exec_method>
    <exec_method
      type='method'
      name='stop'
      exec=':true'
      timeout_seconds='0'>
    </exec_method>
    <property_group name='startd' type='framework'>
      <propval name='duration' type='astring' value='transient' />
    </property_group>
    <stability value='Unstable' />
  </service>
</service_bundle>
-----------------------
7. Import the manifest:
# svccfg import /opt/custom/smf/postboot.xml
8. Create the file to execute in /opt/custom/bin/postboot with your favorite editor:
-----------------------
#!/bin/ksh
# Restore the private key and known_hosts from persistent storage at boot
cp /opt/custom/etc/id_rsa /root/.ssh/id_rsa
cp /opt/custom/etc/known_hosts /root/.ssh/known_hosts
# Restrict both files to the owner (root) only
chmod 600 /root/.ssh/id_rsa
chmod 600 /root/.ssh/known_hosts
svcadm restart ssh
-----------------------
9. Grant execute permission:
# chmod +x /opt/custom/bin/postboot
10. Copy the id_rsa and known_hosts files into /opt/custom/etc/
11. Reboot and test:
# reboot
# ssh root@1.2.3.4 (or just "ssh 1.2.3.4" if both servers use the same user name)
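The postboot script above copies the private key first and tightens its mode afterwards. The following is an added example, not part of the original gist, that restores the key so it is owner-only from the moment it is created and refuses a stored copy that is a symlink or is accessible by group or other; the function names restore_key and mode_of are assumptions.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names are assumptions.

# mode_of FILE: print the 10-character type/permission string, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# restore_key SRC DST: copy a private key so that DST is owner-only from the
# moment it exists. Returns 1 if SRC is missing, a symlink, or not owner-only.
restore_key() {
    src=$1
    dst=$2
    if [ -h "$src" ] || [ ! -f "$src" ]; then
        echo "postboot: $src is missing or not a regular file" >&2
        return 1
    fi
    case $(mode_of "$src") in
        -???------) ;;   # no group/other permission bits set
        *)  echo "postboot: $src is accessible by group or other" >&2
            return 1 ;;
    esac
    (
        umask 077                       # anything created below is owner-only
        dstdir=$(dirname "$dst")
        mkdir -p "$dstdir" || exit 1
        chmod 700 "$dstdir" || exit 1
        tmp="$dst.tmp.$$"
        # Copy to a temporary name, then rename, so DST is never half-written.
        if cp "$src" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dst"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 1
    )
}

# In /opt/custom/bin/postboot this would replace the cp/chmod pair for the key:
#   restore_key /opt/custom/etc/id_rsa /root/.ssh/id_rsa || exit 1
```

Run "chmod 600 /opt/custom/etc/id_rsa" once after copying the key there, otherwise restore_key refuses it.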