SHIFT

--- Sjoerd Hooft's InFormation Technology ---

sshloginwithoutpassword
Differences

This shows you the differences between two versions of the page.


sshloginwithoutpassword [2013/02/25 20:32] (current)
sjoerd created
Line 1: Line 1:
 += SSH Login Without Password =
  
 += Goal =
 +The goal is to have an automatic login for ssh so my script doens'​t need any passwords in it's configuration files. Automatic login through SSH works with PKI (public key infrastructure). We want to create a public key which can be placed on the remote server user's .ssh directory.
 +
 += Source Host =
 +As the user who is going to start the script issue this command (do not enter a passphrase):​
 +<code bash>
 +bash-3.00$ ssh-keygen -t rsa
 +Generating public/​private rsa key pair.
 +Enter file in which to save the key (/​home/​dbuser/​.ssh/​id_rsa):​
 +Enter passphrase (empty for no passphrase):​
 +Enter same passphrase again:
 +Your identification has been saved in /​home/​dbuser/​.ssh/​id_rsa.
 +Your public key has been saved in /​home/​dbuser/​.ssh/​id_rsa.pub.
 +The key fingerprint is:
 +52:​45:​7a:​ca:​85:​70:​7b:​cb:​f8:​1f:​33:​7a:​50:​14:​73:​83 dbuser@dbserver.company.local
 +</​code>​
 +
 += Target Host =
 +You can add the public key to the authorized_keys file manually:
 +<code bash>
 +syncuser@syncserver:​~/​.ssh>​ ll
 +total 8
 +-rw-r--r-- 1 repluser users 1472 2009-01-05 17:12 authorized_keys
 +-rw-r--r-- 1 repluser users  250 2008-10-10 12:24 known_hosts
 +
 +syncuser@syncserver:​~/​.ssh>​ vi authorized_keys
 +</​code>​
 +
 +Or you can use this command to ssh from the source host:
 +<code bash>
 +cat .ssh/​id_rsa.pub | ssh syncuser@swyncserver 'cat >> .ssh/​authorized_keys'​
 +</​code>​
 +
 += Known Hosts =
 +
 +When you try to connect now you get a one time warning if the server is not yet in your list of known hosts:
 +
 +<code terterm>
 +The authenticity of host '​syncserver,​10.10.10.10'​ can't be established.
 +RSA key fingerprint is 84:​17:​4c:​27:​21:​53:​ef:​fc:​6f:​57:​9d:​48:​03:​c6:​17:​6b.
 +Are you sure you want to continue connecting (yes/no)? yes
 +Warning: Permanently added '​syncserver,​10.10.10.10'​ (RSA) to the list of known hosts.
 +</​code>​
 +
 += Authorized Key Is Ignored =
 +If the key is ignored, as in, you still have to enter your password, it could be that the .ssh directory and or authorized key is readable/​writable to others than yourself. Fix that by setting the permissions to allow only yourself (chmod 700 .ssh)
 +
 +{{tag>​aix linux security}}
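
Review bot: In the "Target Host" section the one-line install command connects to `syncuser@swyncserver`, while the shell prompt and the known-hosts output both use `syncserver`; this looks like a typo and should be corrected so the command reaches the intended host. In "Authorized Key Is Ignored" the text names both the .ssh directory and the authorized key file, but the only fix given is `chmod 700 .ssh`; add `chmod 600 .ssh/authorized_keys`, and note that the listing in "Target Host" shows the file as `-rw-r--r--` and owned by repluser under a syncuser prompt, so ownership deserves a mention too. Because "Source Host" tells the reader to leave the passphrase empty, the page should say that the private key is then stored unencrypted on the source host, and suggest limiting the entry in authorized_keys with the `from=` and `command=` options so the key is only usable for the script's job. In "Goal", "doens't" and "it's configuration files" should read "doesn't" and "its configuration files".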
sshloginwithoutpassword.txt · Last modified: 2013/02/25 20:32 by sjoerd