SSH (Secure Shell) is an open source and widely trusted network protocol used to log in to remote servers to execute commands and programs. It is also used to transfer files from one computer to another over the network using the secure copy (SCP) protocol.

In this article we will show you how to set up password-less login on RHEL/CentOS 7.x/6.x/5.x and Fedora using SSH keys, so that you can connect to remote Linux servers without entering a password. Using password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.

Setup SSH Passwordless Login
Setup Environment
SSH Client : 192.168.0.1 ( CentOS 7 )
SSH Remote Host : 192.168.0.2 ( CentOS 7 )

If you are dealing with a number of remote Linux servers, SSH password-less login is one of the best ways to automate tasks such as automatic backups with scripts, file synchronization using scp and remote command execution.

In this example we will set up SSH password-less automatic login from server 192.168.0.2 as user testserver to 192.168.0.1 as user testclient.

Step 1: Create Authentication SSH-Keygen Keys on – (192.168.0.2)

First log in to server 192.168.0.2 as user testserver and generate a public/private key pair using the following command.

[testserver@testserver.com ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testserver/.ssh/id_rsa): [Press enter key]
Created directory '/home/testserver/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/testserver/.ssh/id_rsa.
Your public key has been saved in /home/testserver/.ssh/id_rsa.pub.
The key fingerprint is:
5f:ad:40:00:8a:d1:9b:99:b3:b0:f8:08:99:c3:ed:d3 testserver@testserver.com
The key's randomart image is:
+--[ RSA 2048]----+
| ..oooE.++|
| o. o.o |
| .. . |
| o . . o|
| S . . + |
| . . . o|
| . o o ..|
| + + |
| +. |
+-----------------+

Step 2: Create .ssh Directory on – 192.168.0.1

Use SSH from server 192.168.0.2 to connect to server 192.168.0.1 as user testclient and create the .ssh directory under that user's home directory, using the following command.

[testserver@testserver.com ~]$ ssh testclient@192.168.0.1 mkdir -p .ssh
The authenticity of host '192.168.0.1 (192.168.0.1)' can't be established.
RSA key fingerprint is 45:0e:28:11:d6:81:62:16:04:3f:db:38:02:la:22:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.11' (ECDSA) to the list of known hosts.
testclient@192.168.0.1's password: [Enter Your Password Here]

Step 3: Upload Generated Public Keys to – 192.168.0.1

Use SSH from server 192.168.0.2 to upload the newly generated public key (id_rsa.pub) to server 192.168.0.1, under testclient's .ssh directory, as a file named authorized_keys.

[testserver@testserver.com ~]$ cat .ssh/id_rsa.pub | ssh testclient@192.168.0.1 'cat >> .ssh/authorized_keys'
testclient@192.168.0.1's password: [Enter Your Password Here]

Step 4: Set Permissions on – 192.168.0.1

Due to different SSH versions on servers, we need to set permissions on the .ssh directory and the authorized_keys file.

[testserver@testserver.com ~]$ ssh testclient@192.168.0.1 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
testclient@192.168.0.1's password: [Enter Your Password Here]

Step 5: Login from 192.168.0.2 to 192.168.0.1 Server without Password

From now on you can log in to 192.168.0.1 as user testclient from server 192.168.0.2 as user testserver without a password.

[testserver@testserver.com ~]$ ssh testclient@192.168.0.1
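
Steps 2 to 4 as a single routine that can be re-run safely, as an added example that is not part of the original article. It appends the key only if it is not already present, rejects a multi-line file such as a private key, and checks that neither .ssh nor authorized_keys is group- or world-writable, a condition that sshd refuses under its default StrictModes setting. The function names install_pubkey and ssh_modes_ok are hypothetical, and the script is assumed to run on the target account (testclient on 192.168.0.1).

```shell
#!/bin/sh
# Added example (not from the article). install_pubkey and ssh_modes_ok are
# hypothetical helper names. Usage on the target account:
#   install_pubkey id_rsa.pub "$HOME" && ssh_modes_ok "$HOME"

# install_pubkey KEYFILE HOME_DIR
# Adds the public key in KEYFILE to HOME_DIR/.ssh/authorized_keys exactly once.
install_pubkey() {
    keyfile=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # A public key file holds one non-empty line. Anything else (for example
    # id_rsa picked by mistake instead of id_rsa.pub) is rejected.
    [ -r "$keyfile" ] || return 2
    [ "$(grep -c . "$keyfile")" -eq 1 ] || return 2
    key=$(grep . "$keyfile")

    mkdir -p "$sshdir" || return 1
    touch "$auth" || return 1
    # -x whole line, -F fixed string: a plain "cat >>" would add a duplicate
    # entry on every re-run, so append only when the key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Same modes as Step 4 of the article.
    chmod 700 "$sshdir" && chmod 640 "$auth"
}

# ssh_modes_ok HOME_DIR
# Returns 0 when neither .ssh nor authorized_keys is group- or world-writable.
ssh_modes_ok() {
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || return 1
        # ls -ld prints a mode string such as drwx------ ; characters 6 and 9
        # are the group and other write bits.
        bits=$(ls -ld "$p" | cut -c6,9)
        [ "$bits" = "--" ] || return 1
    done
}
```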