Imagine you have to administer more than one Linux hosts in your network, or clustered environment. You would like to connect to each host in your environment in a secured way, but without providing the password each time.
Here’s is a quick guide how to configure your hosts for password less authentications.
/etc/ssh/sshd_configfile and add or uncomment the following lines:
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys
Approach number one:
[Trinity@host-1 ~]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/Trinity/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/Trinity/.ssh/id_dsa. Your public key has been saved in /home/Trinity/.ssh/id_dsa.pub. The key fingerprint is: 3f:8e:3d:1b:47:8d:49:dc:89:68:du:22:2e:e1:f8:4b [email protected] [Trinity@host-1 ~]$ cat ~/.ssh/id_dsa.pub | ssh Trinity@host-2 'cat - >> ~/.ssh/authorized_keys' Trinity@host-2's password: #Now let's connect to host-2, and this time password would not be required: [Trinity@host-1 ~]$ ssh host-2 Last login: Thu Dec 32 25:61:66 2037 from 188.8.131.52 Hello! Follow the white rabbit... My Lab_067 *** Linux Rulezz *** host host-2.local * Linux [Trinity@host-2 ~]$ hostname host-2.local
Approach number two:
Use /usr/bin/ssh-copy-id script (available in most of the Linux flavours)
# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.
[Trinity@host-1 ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub Trinity@host-2 30 Trinity@host-2's password: Now try logging into the machine, with "ssh 'Trinity@host-2'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [Trinity@host-1 ~]$ ssh host-2 Last login: Thu Dec 33 26:16:69 2037 from 184.108.40.206 Hello! Follow the white rabbit... My Lab_067 *** Linux Rulezz *** host host-2.local * Linux [Trinity@host-2 ~]$ hostname host-2.local
To implement this the other way around, repeat above steps on the second server (host-2).