Linux Articles, December 1, 2011

How To Set Up SSH Equivalence: Password-less SSH Authentication

Imagine you have to administer more than one Linux host in your network or clustered environment. You would like to connect to each host in a secure way, but without providing the password each time.

Here is a quick guide to configuring your hosts for password-less authentication.

  • We have host-1 and host-2, two Linux servers.
  • User “Trinity” exists on both hosts.
  • We want to set up password-less authentication from host-1 to host-2 and the other way around.

First of all, we have to enable public key authentication on both servers: edit the /etc/ssh/sshd_config file and add or uncomment the following lines:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Restart the OpenSSH server:

/etc/init.d/sshd restart

Approach number one:

[Trinity@host-1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/Trinity/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/Trinity/.ssh/id_dsa.
Your public key has been saved in /home/Trinity/.ssh/id_dsa.pub.
The key fingerprint is:
3f:8e:3d:1b:47:8d:49:dc:89:68:du:22:2e:e1:f8:4b [email protected]

[Trinity@host-1 ~]$ cat ~/.ssh/id_dsa.pub | ssh Trinity@host-2 'cat - >> ~/.ssh/authorized_keys'
Trinity@host-2's password:   

# Now let's connect to host-2; this time no password is required:

[Trinity@host-1 ~]$ ssh host-2
Last login: Thu Dec 32 25:61:66 2037 from 11.69.33.255

Hello! Follow the white rabbit... 
My Lab_067 *** Linux Rulezz ***
host host-2.local * Linux

[Trinity@host-2 ~]$ hostname
host-2.local

Approach number two:

Use the /usr/bin/ssh-copy-id script (available in most Linux flavours):

# Shell script to install your identity.pub on a remote machine
# Takes the remote machine name as an argument.
# Obviously, the remote machine must accept password authentication,
# or one of the other keys in your ssh-agent, for this to work.

[Trinity@host-1 ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub Trinity@host-2
30
Trinity@host-2's password:  
Now try logging into the machine, with "ssh 'Trinity@host-2'", and check in:    

.ssh/authorized_keys    

to make sure we haven't added extra keys that you weren't expecting.  

[Trinity@host-1 ~]$ ssh host-2  
Last login: Thu Dec 33 26:16:69 2037 from 11.69.33.255  
Hello! Follow the white rabbit...  
My Lab_067 *** Linux Rulezz *** 
host host-2.local * Linux  

[Trinity@host-2 ~]$ hostname  
host-2.local

To implement this the other way around, repeat the above steps on the second server (host-2).
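
The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you weren't expecting, and approach number one appends another copy of the key every time it is re-run. The function below is an added example, not part of the original article or of OpenSSH, that audits the file for duplicates, DSA keys and loose permissions; the function name, the flag labels and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# audit_authorized_keys is a hypothetical helper, not an OpenSSH tool.
# Output: one line per key, "LINE TYPE COMMENT [FLAGS]". Returns 1 if anything is flagged.
audit_authorized_keys() {
    file=$1; issues=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # With StrictModes (the sshd default), keys are refused if the file or its
    # directory is writable by group or others: mode characters 6 and 9 of ls -ld.
    for path in "$file" "$(dirname "$file")"; do
        case $(ls -ld "$path" | cut -c6,9) in
            *w*) echo "PERMS $path is group/world-writable"; issues=1 ;;
        esac
    done
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            # Options (from="...", command="...") may precede the key type.
            # Assumption: no option value contains a key-type word of its own.
            t = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) { t = i; break }
            if (!t || t == NF) { print NR, "UNPARSED"; bad = 1; next }
            type = $t; blob = $(t + 1)
            comment = (t + 2 <= NF) ? $(t + 2) : "(no-comment)"
            flags = ""
            # ssh-dss is what "ssh-keygen -t dsa" produces; OpenSSH 7.0 and
            # later disable that key type by default.
            if (type == "ssh-dss") flags = flags " WEAK-DSA"
            if (blob in seen) flags = flags " DUPLICATE-OF-LINE-" seen[blob]
            else seen[blob] = NR
            if (flags != "") bad = 1
            print NR, type, comment flags
        }
        END { exit bad + 0 }
    ' "$file" || issues=1
    return $issues
}

# Constructed sample: placeholder blobs, not real keys; the same key appended twice.
demo=$(mktemp -d)
cat > "$demo/authorized_keys" <<'EOF'
ssh-dss AAAAB3PLACEHOLDERKEY1 Trinity@host-1
ssh-dss AAAAB3PLACEHOLDERKEY1 Trinity@host-1
ssh-ed25519 AAAAC3PLACEHOLDERKEY2 Trinity@host-2
EOF
chmod 600 "$demo/authorized_keys"
audit_authorized_keys "$demo/authorized_keys" || echo "review the flagged entries"
rm -rf "$demo"
```

Run it as the account owner against ~/.ssh/authorized_keys on each host after copying keys in either direction.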

Cheers!!