Solaris 11.3 – Bye bye resolv.conf

In the good old days, setting up DNS was just a quick edit of /etc/resolv.conf, like:

~# cat /etc/resolv.conf
search dracko.local
nameserver 192.168.128.130
nameserver 192.168.128.131

But in Solaris 11 you see this:

~# cat /etc/resolv.conf
#
# _AUTOGENERATED_FROM_SMF_V1_
#
# WARNING: THIS FILE GENERATED FROM SMF DATA.
# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
# See resolv.conf(4) for details.

Soooooo, here is what you do:

root@dracko2:/# svccfg -s network/dns/client
svc:/network/dns/client> setprop config/search = astring: ("dracko.local")
svc:/network/dns/client> setprop config/nameserver = net_address: (192.168.128.130 192.168.128.131)
svc:/network/dns/client> exit
root@dracko2:/# svcadm refresh dns/client
root@dracko2:/# svcadm restart dns/client

It Works!

root@dracko2:~# nslookup google.com
Server: 192.168.128.131
Address: 192.168.128.131#53

Non-authoritative answer:
Name: google.com
Address: 172.217.4.206

Now we do nsswitch.conf

# svccfg -s system/name-service/switch
svc:/system/name-service/switch> setprop config/host = astring: "files dns"
svc:/system/name-service/switch> exit
# svcadm refresh name-service/switch
# svcadm restart name-service/switch

Setting up passwordless SSH

The same steps are carried out on both servers, SERVER1 and SERVER2. Where a command differs between the two, each server's version is shown.

Check /etc/ssh/sshd_config for

PubkeyAuthentication yes

If it's not set, add it to the bottom of the file and do a:

# svcadm restart ssh

Check the home directory for .ssh

If it is not there, do a mkdir .ssh

If it is there, verify that it contains:

-rw-r--r-- 1 jcore 399 Jun 21 08:59 authorized_keys
-rw-r--r-- 1 jcore 399 Jun 21 08:59 authorized_keys2
-rw------- 1 jcore 887 Jun 21 09:00 id_rsa
-rw-r--r-- 1 jcore 231 Jun 21 09:00 id_rsa.pub

If ~/.ssh/ does not contain the 4 files, do the following:

# ssh-keygen -t rsa

Hit return for all questions, DO NOT SET A PASSPHRASE

Copy ~/.ssh/id_rsa.pub to the other server

On SERVER1:

scp ~/.ssh/id_rsa.pub ${LOGIN}@${SERVER2}:${SERVER1}.id_rsa.pub

On SERVER2:

scp ~/.ssh/id_rsa.pub ${LOGIN}@${SERVER1}:${SERVER2}.id_rsa.pub

Now on each server:

On SERVER1:

# cat ${SERVER2}.id_rsa.pub >> ~/.ssh/authorized_keys
# cat ${SERVER2}.id_rsa.pub >> ~/.ssh/authorized_keys2
# rm -f ${SERVER2}.id_rsa.pub

On SERVER2:

# cat ${SERVER1}.id_rsa.pub >> ~/.ssh/authorized_keys
# cat ${SERVER1}.id_rsa.pub >> ~/.ssh/authorized_keys2
# rm -f ${SERVER1}.id_rsa.pub

Test:

On SERVER1:

ssh SERVER2

On SERVER2:

ssh SERVER1

Or Script it!

From SERVER1

# Generate the key pair on SERVER1 (hit return for all questions)
ssh-keygen -t rsa

echo "now doing copies to ${SERVER2} - you will need the password"

# Push SERVER1's public key to SERVER2 and append it to the authorized keys there
scp ~/.ssh/id_rsa.pub ${LOGIN}@${SERVER2}:id_rsa.pub
ssh ${LOGIN}@${SERVER2} 'if [ ! -d .ssh ]; then mkdir .ssh; fi'
ssh ${LOGIN}@${SERVER2} 'cat id_rsa.pub >> .ssh/authorized_keys'
ssh ${LOGIN}@${SERVER2} 'cat id_rsa.pub >> .ssh/authorized_keys2; rm id_rsa.pub'

# Pull SERVER2's public key back and append it to the authorized keys on SERVER1
scp ${LOGIN}@${SERVER2}:.ssh/id_rsa.pub remote.id_rsa.pub
cat remote.id_rsa.pub >> ~/.ssh/authorized_keys
cat remote.id_rsa.pub >> ~/.ssh/authorized_keys2
rm -f remote.id_rsa.pub

# Add PubkeyAuthentication to sshd_config if the file does not mention it
grep "PubkeyAuthentication" /etc/ssh/sshd_config
if [ $? -ne 0 ]
then
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
svcadm restart ssh
fi
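
The grep test in the script above succeeds on any line that contains PubkeyAuthentication, including a commented-out one or PubkeyAuthentication no, and each cat >> adds another copy of the key on every run. The following is an added example, not part of the original post, that reports the value sshd will actually use and appends a key only once; the function names and the sample files are constructed for illustration, and POSIX awk and grep are assumed.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Assumes POSIX awk and grep (on Solaris: /usr/xpg4/bin/grep).

# Print the PubkeyAuthentication value sshd will actually use.
# OpenSSH keeps the first value it reads for a keyword, keywords are
# case-insensitive, and commented lines do not count. Parsing stops at the
# first Match block; "yes" is assumed when unset (the OpenSSH default).
effective_pubkey_auth() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "pubkeyauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Append one public key to DIR/authorized_keys unless it is already there.
# Returns 2 if the file is not exactly one key line.
install_pubkey() {
    pub=$1; dir=$2
    [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    # Keep the directory and the key file private to the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    # -x whole-line, -F fixed-string match: do nothing on a repeat run.
    grep -qxF -e "$(cat "$pub")" "$dir/authorized_keys" && return 0
    cat "$pub" >> "$dir/authorized_keys"
}

# Constructed sample input (not real configuration or key material).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PubkeyAuthentication yes' 'PubkeyAuthentication no' \
    'PubkeyAuthentication yes' > "$demo/sshd_config"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEY root@server2' > "$demo/server2.pub"

install_pubkey "$demo/server2.pub" "$demo/.ssh"
install_pubkey "$demo/server2.pub" "$demo/.ssh"    # repeat run adds nothing
echo "effective PubkeyAuthentication: $(effective_pubkey_auth "$demo/sshd_config")"
echo "key lines: $(grep -c . "$demo/.ssh/authorized_keys")"
```

In the sample config a plain grep for PubkeyAuthentication matches the commented line, and the yes appended at the bottom never takes effect because the earlier no is read first.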

 

The Bottom Line

1. Each server MUST have PubkeyAuthentication yes in /etc/ssh/sshd_config
2. Each server user (aka root) MUST have an id_rsa and an id_rsa.pub in .ssh/, because you have to swap public keys between servers
3. You concatenate server B’s id_rsa.pub to server A’s .ssh/authorized_keys and .ssh/authorized_keys2
4. You concatenate server A’s id_rsa.pub to server B’s .ssh/authorized_keys and .ssh/authorized_keys2