
Setting up SSH keys for Secure Password-less SSH Login

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

The OpenSSH suite replaces rlogin and telnet with the ssh program, rcp with scp, and ftp with sftp. Also included is sshd (the server side of the package), and the other utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server.

If you manage more than one or two hosts, you likely have to type the same password too often. This can get quite annoying. SSH allows you to set up a public/private keypair. Using these keys, you can connect to any host which has the public key, from any host which has the private key.

First you’ll need to set up a keypair. Use the following command to generate public/private keys on your client system:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/njauhari/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/njauhari/.ssh/id_rsa.
Your public key has been saved in /home/njauhari/.ssh/id_rsa.pub.
The key fingerprint is:
09:33:01:e1:db:73:0e:43:c3:4e:41:d8:d5:40:76:29
njauhari@njauhari.poison.com
The key's randomart image is:
+--[ RSA 2048]----+
|    o*+o=o..     |
|   ....+E.o      |
|    . O  .       |
|     * = .       |
|    . * S        |
|       *         |
|        .        |
|                 |
|                 |
+-----------------+
When executed, this command prompts you for a secret passphrase. Just press the Enter key at the prompt, which creates a key with no passphrase. With no passphrase, you can log in to the remote server without typing any password. The private key (id_rsa) is then stored unencrypted, so anyone who can read that file can log in as you; keep it readable only by your own user.

The command also generates two files (id_rsa and id_rsa.pub) inside the .ssh directory in your home directory.

Copy the Public Key to the Server
After you have created the public/private key pair on your client machine, you need to copy the newly created public key to the server. Here I have used the scp command; you can also copy it manually or by any other means (e.g. ftp, cp, samba share, nfs share, etc.).
scp ~/.ssh/id_rsa.pub userid@server:.ssh/my_id_rsa.pub
When running scp you will be prompted for your password.

Now log in to the server and cd to the .ssh directory. Add the contents of the public key that you just copied (my_id_rsa.pub) to the end of your authorized_keys2 file and set the correct permissions:
cat my_id_rsa.pub >> authorized_keys2
chmod 600 authorized_keys2
After making the above changes, log off and try to log back in (ssh) to the server from your client machine. You should be able to log in to the server without any password.
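
The server-side steps above (append the copied key to authorized_keys2, then fix permissions) written as a re-runnable shell function. This is an added example, not part of the original post; the function name install_pubkey and its optional second argument (the target directory, defaulting to ~/.ssh) are assumptions for illustration. It also refuses a private key copied by mistake and does not append the same key twice.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical helper.
# Usage on the server: install_pubkey my_id_rsa.pub [ssh_dir]
# The body runs in a subshell, so variables and exit codes stay local to the call.
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}          # assumption: default target is ~/.ssh
    auth=$dir/authorized_keys2    # file name used in the post

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }

    # Refuse a private key copied by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        exit 2
    fi

    # Expect exactly one non-empty line of the form "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; exit 3; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; exit 3 ;;
    esac

    # sshd's StrictModes (on by default) refuses keys when ~/.ssh or this
    # file is writable by group or others, so set both modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || exit 4
    touch "$auth" && chmod 600 "$auth" || exit 4

    # Append only if this exact line is not already present (safe to re-run).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# When run as a script with arguments, install the given key file.
if [ "$#" -ge 1 ]; then install_pubkey "$@"; fi
```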



