Heh... looking at the subject line, you'd surely have had a second thought about something related to hacking kind of stuff… but... nopes..
This guide will let you log in to your Linux server using SSH keys [i.e. without using any sort of password/pass phrase authentication], with the added advantage of powerful RSA encrypted authentication...
This can be very helpful if you are trying to run certain unattended processes between 2 physical machines (e.g. cron or batch jobs) with OpenSSH; normally you are asked to input a password, even when running through scripts.
This is where SSH keys become important: when you definitely need an automatic connection/login from one server to the other, when you don't want to enter those weird passwords, or when you want to call SSH from within shell scripts.
Here are the simple procedures on getting this done:
Step 1:
First log in on machine1 (let's name it "ABC") as user "abc" and generate a pair of authentication keys using the "ssh-keygen -t rsa" command. Normally each user wishing to use ssh with RSA authentication has to run this command once to create the authentication key in $HOME/.ssh/id_rsa (the default shown in the output below). The program generates the key and asks for a file in which to store the private key. The public key is stored in a file with the same name but with ".pub" appended as an extension.
These public and private cryptography keys can be used for authentication/login to one or more machines. During this process you will be prompted with some questions.
Just hit ENTER until you get your command prompt back. In particular, you don't need to specify a pass phrase.
Remember to just leave this blank. The pass phrase may be empty to indicate no pass phrase (host keys must have an empty pass phrase). There is no way to recover a lost pass phrase: if it's lost or forgotten, you will have to generate a new key pair and copy the corresponding public key to the other machines.
Quote:
[abc@ABC]~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/abc/.ssh/id_rsa):
Created directory '/home/abc/.ssh'.
Enter pass phrase (empty for no pass phrase):
Enter same pass phrase again:
Your identification has been saved in /home/abc/.ssh/id_rsa.
Your public key has been saved in /home/abc/.ssh/id_rsa.pub.
The key fingerprint is:
e3:ad:d4:d6:c4:ae:0e:4b:da:0d:26:f0:e5:46:3f:bc abc@ABC.com
Step 2:
Now use ssh to create a directory ~/.ssh as user xyz on machine2, XYZ:
Quote:
[abc@ABC]~# ssh xyz@XYZ mkdir -p .ssh
xyz@XYZ's password:
Step 3:
Now append abc's new public key to xyz@XYZ:.ssh/authorized_keys and enter xyz's password one last time:
Quote:
[abc@ABC]~# cat .ssh/id_rsa.pub | ssh xyz@XYZ 'cat >> .ssh/authorized_keys'
xyz@XYZ's password:
Yippie!!! You're done..
From now on you'll be able to log into XYZ as xyz from ABC without any password:
Quote:
[abc@ABC]~# ssh xyz@XYZ
Welcome to XYZ..
Last login: Sun Apr 13 00:00:01 2008 from ABC.com
[xyz@XYZ]~# hostname
XYZ
Remember to chmod the .ssh dir to 700 (a directory needs the execute bit to be usable) and the files in it, such as authorized_keys, to 600 later on.
It's not recommended to have keys without pass phrases: if someone just copies the key file, they will have access to all accounts that allow that key.
Also, incorrect/loose permissions on both the .ssh and ${HOME} directories will prevent key-based authentication... Enjoy...
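To check the permission requirements mentioned above, here is an added example (not part of the original guide): a small shell function that flags the modes which make sshd or the ssh client refuse key-based login. It assumes OpenSSH defaults (StrictModes yes) and the id_* key file names used in this guide; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the permissions that key-based login depends on.
# Usage: check_ssh_perms /home/xyz   (defaults to $HOME)

mode_of() {
    # GNU stat first, BSD/macOS stat as fallback; prints octal mode, e.g. 700
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# has_bits PATH MASK -> true if any permission bit in MASK (octal) is set
has_bits() {
    m=$(mode_of "$1")
    [ $(( 0$m & $2 )) -ne 0 ]
}

check_ssh_perms() {
    home=${1:-$HOME}
    problems=0
    # sshd with StrictModes rejects keys if any of these is group/world-writable
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 022; then
            echo "WRITABLE BY OTHERS: $p ($(mode_of "$p"))"
            problems=$((problems + 1))
        fi
    done
    # .ssh should be private but still traversable by its owner: 700
    if [ -d "$home/.ssh" ] && [ "$(mode_of "$home/.ssh")" != 700 ]; then
        echo "FIX: chmod 700 $home/.ssh"
        problems=$((problems + 1))
    fi
    # the ssh client ignores private keys that group/other can access
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        if has_bits "$k" 077; then
            echo "FIX: chmod 600 $k"
            problems=$((problems + 1))
        fi
    done
    # exit status 0 only when nothing was flagged
    [ "$problems" -eq 0 ]
}
```

Run it on both machines: on ABC it covers the private key, on XYZ it covers the home directory, .ssh and authorized_keys.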
