eMarcel.com

Oracle Database, Fusion Middleware, Linux

How To Setup SSH equivalence , password-less SSH authentication

Imagine you have to administer more than one Linux hosts in your network, or clustered environment. You would like to connect to each host in your environment in a secured way, but without providing the password each time.

Here’s is a quick guide how to configure your hosts for password less authentications.

  • We have host-1 and host-2 – two Linux servers.
  • User “Trinity” exists on both hosts
  • We want to setup password-less authentication from host-1 to host-2 and the other way around
First of all we have to enable Authentication on both servers: edit /etc/ssh/sshd_config file and add or uncomment the following lines:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Restart open-SSH server:
/etc/init.d/sshd restart

Approach number one:

[[email protected] ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/Trinity/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/Trinity/.ssh/id_dsa.
Your public key has been saved in /home/Trinity/.ssh/id_dsa.pub.
The key fingerprint is:
3f:8e:3d:1b:47:8d:49:dc:89:68:du:22:2e:e1:f8:4b [email protected]

[[email protected] ~]$ cat ~/.ssh/id_dsa.pub | ssh [email protected] 'cat - >> ~/.ssh/authorized_keys'
[email protected]'s password:   

#Now let's connect to host-2, and this time password would not be required:

[[email protected] ~]$ ssh host-2
Last login: Thu Dec 32 25:61:66 2037 from 11.69.33.255

Hello! Follow the white rabbit... 
My Lab_067 *** Linux Rulezz ***
host host-2.local * Linux

[[email protected] ~]$ hostname
host-2.local

Approach number two:

Use /usr/bin/ssh-copy-id script (available in most of the Linux flavours)

# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

[[email protected] ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub [email protected]
30
[email protected]'s password:  
Now try logging into the machine, with "ssh '[email protected]'", and check in:    

.ssh/authorized_keys    

to make sure we haven't added extra keys that you weren't expecting.  

[[email protected] ~]$ ssh host-2  
Last login: Thu Dec 33 26:16:69 2037 from 11.69.33.255  
Hello! Follow the white rabbit...  
My Lab_067 *** Linux Rulezz *** 
host host-2.local * Linux  

[[email protected] ~]$ hostname  
host-2.local

To implement this the other way around, repeat above steps on the second server (host-2).

Cheers!!

 

(Visited 744 times, 1 visits today)

, , , ,

Tweet
Share
+1
Share
0 Shares

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close