Step by step guide to establish passwordless ssh in two Unix or Linux servers. Authenticate securely using public and private keys.
If you are working in an infra where there are hundreds of Linux or Unix servers running, then you must be having big time while managing them. To deal with such large number of servers, passwordless ssh becomes an must do practice. Once can achieve remote execution of scripts, commands, sync files via scp etc tasks with passwordless ssh very easily.
Password less ssh is not compromising on security. You will be using pair of user generated keys for authentication so your security is not compromised. Its totally secured, only thing is you are being authenticated already saved keys rather than human entered password. This removes dependency of entering password and hence automatize whole process non-interactively.
Lets see how to setup password less ssh between two servers:
Create your SSH key pair on source machine. This is machine from which you will be doing passwordless SSH to destination machine.
Use below command :
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user4/.ssh/id_rsa):
Created directory '/home/user4/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user4/.ssh/id_rsa.
Your public key has been saved in /home/user4/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| . ...|
| = . .oo|
| o o .o.+.|
| o . .o o|
| S . + |
| . . . E|
| o *+|
| . . . +|
| . |
Note that your key pair is id_rsa and id_rsa.pub files in shown directories. Your id_rsa is private key which will reside on source machine. id_rsa.pub is public key which reside on destination machine. When SSH attempt is made from source to destination, protocol checks these both keys from source and destination. If they match then connection will be established without asking password.
Now, we need to copy id_rsa.pub key on destination machine. It should be copied to home directory of intended user in destination server. It should reside under ~/.ssh/ (i.e. home directory/.ssh/) and with name authorized_keys. You can copy file using shell or any other file transfer program.
If you are trying from source machine using ssh then use below commands:
$ ssh email@example.com "mkdir ~/.ssh"
The authenticity of host '10.10.4.12 (10.10.4.12)' can't be established.
RSA key fingerprint is 08:6c:51:09:9f:4c:69:34:84:ef:08:af:68:df:5e:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.4.12' (RSA) to the list of known hosts.
$ cat .ssh/id_rsa.pub | ssh firstname.lastname@example.org 'cat >> .ssh/authorized_keys'
$ ssh email@example.com "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
Here, first command create .ssh directory on destination machine. Second command copies id_rs.pub file’s content to destination machine under file ~/.ssh/authorized_keys and last command sets proper permissions.
You are done! Try SSH from source to destination and it will be through without password!
$ ssh firstname.lastname@example.org
Last login: Tue Oct 6 21:59:00 2015 from 10.10.4.11
This method works for all Linux and Unix variants for SSH protocol. You can also configure it for different users on source and destination. One machine can have more than one authorized key (one key for one source machine), thats why we have concatenated id_rsa.pub content to authorized_keys file (not overwrite).
Drop us any suggestions/corrections you have in comments.