Can you be more specific about how you are trying to achieve that? The error you mention is a result of what exactly?
After logon on 2 instance I execute:
sudo su - oracle
chmod 700 ~/.ssh
/usr/bin/ssh-keygen -t rsa;/usr/bin/ssh-keygen -t dsa
ssh ias1 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys;ssh ias1 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys;ssh ias2 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys;ssh ias2 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys
After this procedure, if I try to execute the command ssh ias2 from ias1, I receive the error:
Permission denied (publickey, gssapi-keyex, gssapi-with-mic).
My purpose is to run commands from ias1 to ias2 without my password being requested.
My understanding from the above is that you described how you've injected the public ssh keys into your compute instances, so that they can be accessed by the ones that have the private ssh keys. I am not sure why you are using the oracle user in the above (the oracle user exists only in PaaS VMs, not in IaaS VMs, but it is probably a matter of semantics; Compute VMs are also PaaS instances eventually and you may be referring to PaaS VMs).
Regardless of the above, you still did not insert the exact command you are trying to run.
Once you finish the preparation correctly (let's use the opc user or another user you've configured; below I will use opc, the default one), to ssh from iaas1 into iaas2, for example, you should run:
ssh -i [private_key2] opc@[iaas2_public_IP],
where private_key2 is the pair of the ssh public key inserted into the .ssh folder of iaas2 (the preparation I am guessing you referred to with the commands you provided); private_key2 should physically exist on iaas1 (did you upload it?)
To get more info with the above command try using verbose mode such as
ssh -vvv -i [private_key2] opc@[iaas2_public_IP]
I am also confused about your last statement "My purpose is to run commands from ias1 to ias2 without my password being requested".
What password are you referring to here? Did you create a passcode for the ssh keys?
Hopefully some of the things I've written above will help to clarify, and if not, try to provide clearer details.
SELinux may be enabled (you can verify that using the 'getenforce' command). I think it is by default in OEL 7.
If it is, you may want to check whether you can fix the issue by restoring the security context:
# restorecon -R -v /root/.ssh
So (in IaaS1) just create a config file in your .ssh folder (chmod 600):
IdentityFile [the path to your private key on iaas1 = the pair of the Iaas2 pub key]
and that can let you access iaas2 from iaas1 just by doing from iaas1
If you still have issues, post the command you run with the verbose output ("-vvv") when trying to connect from iaas1 to iaas2
Check also the security rules: you should be allowing SSH in as a security rule and attach it to a Security List of your VMs (you can use the source in this rule as "public-internet" just for testing purposes).
* Make sure you created the private key on IaaS1 without a passphrase
* Inject the public key on IaaS2 via the Compute Cloud service console (Networking tab -> SSH Keys)
* From IaaS1, 'ssh -i <path_to_private_key> opc@IaaS2'
* On IaaS2, become root (sudo su -). If not possible, set a password for the user opc first, so sudo works.
* Edit your sshd_config how you need it, copy the authorized_keys entry to the target user's authorized_key entry (you can copy&paste from ~opc/.ssh/authorized_keys now)
If there are any ssh- or scp-related questions, I recommend you google for an introduction to SSH first and study it, or ask in a Linux community.
Another thing, please do on both machines:
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
Without this ssh will refuse to work.
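The permission requirement from the post above, turned into a small audit script. This is an added example, not part of the original thread; it goes slightly beyond the chmod line by also flagging group/other-writable files such as authorized_keys and config. The function name audit_ssh_dir, the finding labels and the sample files are constructed for illustration, and it assumes GNU or busybox stat.

```shell
#!/bin/sh
# Added example: report .ssh permission problems that break key-based login.

mode_of() { stat -c '%a' "$1"; }              # octal mode (GNU/busybox stat)
has_bits() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }    # any bit of octal mask $2 set in mode $1?

# audit_ssh_dir DIR: print one finding per line; return 0 if clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1; bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    # The thread asks for 700 on ~/.ssh: no group/other access at all.
    if has_bits "$(mode_of "$dir")" 077; then
        echo "DIR_TOO_OPEN $dir"; bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(mode_of "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # The ssh client ignores a private key that group/other can access.
            if has_bits "$mode" 077; then echo "PRIVATE_KEY_TOO_OPEN $f"; bad=1; fi
        elif has_bits "$mode" 022; then
            # authorized_keys, config, *.pub: must not be writable by group/other.
            echo "WRITABLE_BY_OTHERS $f"; bad=1
        fi
    done
    return "$bad"
}

# Constructed demo directory (not real keys): directory at 755, key left at 644.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-sample' > "$demo/.ssh/id_rsa"
printf '%s\n' 'ssh-rsa CONSTRUCTEDSAMPLE oracle@ias1' > "$demo/.ssh/authorized_keys"
chmod 755 "$demo/.ssh"; chmod 644 "$demo/.ssh/id_rsa"; chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo/.ssh" || echo "fix with: chmod 700 ~/.ssh && chmod 600 ~/.ssh/*"
```

Run it against the .ssh directory of the connecting user on both machines; an empty result means the modes are not the cause of the "Permission denied (publickey...)" error.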
Useful information to manage multiple users to multiple hosts with configuration files. I got it solved.
How can I close this answer?
Yes .. It is possible.