My Oracle Support Banner

How to setup RSA SSH equivalence on Oracle Exadata nodes (Doc ID 2923095.1)

Last updated on FEBRUARY 16, 2023

Applies to:

Oracle Exadata Storage Server Software - Version and later
Linux x86-64


As newer and more secure encryption standards are introduced, older protocols are considered obsolete and production systems should not make use of them. Beginning with Oracle Linux 8, by default, all network connections authenticating with DSA will be blocked at the operating system level. The purpose of this note is to provide the proper steps to setup RSA SSH equivalence between Exadata components, getting customers ready for future migrations.

Prior to updating any Exadata component to an image version based on Oracle Linux 8, customers are strongly recommended to replace all DSA authentication keys with RSA authentication keys, in order to prevent password-less connectivity issues and automation failures, as well as provide more secure network connections.


All the content in this note is intended to system administrators, allowed to configure and/or modify SSH equivalence preferences on Exadata components. For this configuration to be successful, the following technical requirements must be met:

NOTE: Since RSA is a modern and resource demanding encryption protocol, the hardware involved in these operations must support RSA at a low-level implementation. The Sun Rack II Enhanced PDU within the Exadata rack does not support RSA encryption. Instead, this Exadata component is shipped with a 1024-bit DSA encryption key, which cannot be regenerated.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Identifying DSA keys on Oracle Linux
 Example of local DSA key detection
 Example of remote DSA key detection
 Identifying DSA keys on Exadata ILOM
 Example of local DSA key detection
 Example of remote DSA key detection
 Generating 2048-bit or higher RSA keys on Oracle Linux
 Example of RSA key creation
 Verifying RSA keys on Oracle Linux
 Example of successful RSA key verification
 Generating RSA keys on Exadata ILOM
 Verifying RSA keys in Exadata ILOM
 Copying RSA keys to remote Oracle Linux node
 Example of successful RSA key transfer
 Verifying SSH equivalence between Oracle Linux nodes
 Example of successful RSA key-based authentication
 Copying RSA key to Exadata ILOM
 Example of successful RSA key transfer
 Verifying SSH equivalence for Exadata ILOM
 Deleting remote RSA keys from ILOM
 Example of successful RSA key deletion

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.