RSA key authentication in Linux : Passwordless login
RSA key authentication in Linux : Passwordless login
Scenario :
(1) Two Servers
Hostname : Server1 , username : test (user must exist in server)
Hostname : Server2 , username : test (user must exist in server)
Hostname : Server2 , username : test (user must exist in server)
(2) We want to login into Server2 from Server1 without giving passwd.
means when we do “ssh test@server2″ it should not ask passwd.
means when we do “ssh test@server2″ it should not ask passwd.
How to :
(a) Login into server1 by user test.
use the command: ssh-keygen -t rsa
And just hit enter enter enter , donot give any passphrase passwd.
[test@server1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Created directory ‘/home/test/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
49:a4:1e:b8:df:13:36:fa:25:5a:d3:d2:f5:9e:77:98 test@server1
[test@server1 ~]$
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Created directory ‘/home/test/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
49:a4:1e:b8:df:13:36:fa:25:5a:d3:d2:f5:9e:77:98 test@server1
[test@server1 ~]$
Two files id_rsa and id_rsa.pub would be created in /home/test/.ssh directory
[test@server1 ~]$ ls -lrt .ssh/
total 8
-rw-r–r– 1 test test 410 Nov 27 23:06 id_rsa.pub
-rw——- 1 test test 1671 Nov 27 23:06 id_rsa
[test@server1 ~]$
total 8
-rw-r–r– 1 test test 410 Nov 27 23:06 id_rsa.pub
-rw——- 1 test test 1671 Nov 27 23:06 id_rsa
[test@server1 ~]$
(b) now scp the id_rsa.pub file into server2
[test@server1 ]$ cd /home/test/.ssh
[test@server1 .ssh]$ ls -lrt
total 8
-rw-r–r– 1 test test 410 Nov 27 23:06 id_rsa.pub
-rw——- 1 test test 1671 Nov 27 23:06 id_rsa
[test@server1 .ssh]$
[test@server1 .ssh]$ scp id_rsa.pub test@server2:~
[test@server1 ]$ cd /home/test/.ssh
[test@server1 .ssh]$ ls -lrt
total 8
-rw-r–r– 1 test test 410 Nov 27 23:06 id_rsa.pub
-rw——- 1 test test 1671 Nov 27 23:06 id_rsa
[test@server1 .ssh]$
[test@server1 .ssh]$ scp id_rsa.pub test@server2:~
(c) Now login into Server2 by user test:
Check if /home/test/.ssh directory exist or not.
ls -ld /home/test/.ssh
if the .ssh directory does not exist make a new directory.
[ test@server2 }$mkdir -p /home/test/.ssh
Now change to directory .ssh
cd /home/test/.ssh
Create one file inside .ssh called authorized_keys
[test@server2 .ssh]$ pwd
/home/test/.ssh
[test@server1 .ssh]$ touch authorized_keys
[test@server2 .ssh]$ ls
authorized_keys
/home/test/.ssh
[test@server1 .ssh]$ touch authorized_keys
[test@server2 .ssh]$ ls
authorized_keys
(d) now copy the content of id_rsa.pub which u scp from server1 into the file /home/test/.ssh/authorized_keys
[test@server2 .ssh]$
[test@server2.ssh]$ cd ~
[test@server2 ~]$
[test@server2 ~]$ cat id_rsa.pub >> /home/test/.ssh/authorized_keys
[test@server2.ssh]$ cd ~
[test@server2 ~]$
[test@server2 ~]$ cat id_rsa.pub >> /home/test/.ssh/authorized_keys
(e) Check the permission and ownership of .ssh directory and authorized_keys file. It must be like below information
[test@server1 ~]$ ls -ld .ssh/
drw-r-xr-x 2 test test 4096 Nov 27 22:56 .ssh/
[test@server1 ~]$
[test@server1 ~]$ ls -lrt .ssh/
total 4
-rw-r–r– 1 test test 412 Nov 27 22:55 authorized_keys
[test@server1 ~]$
[test@server1 ~]$
drw-r-xr-x 2 test test 4096 Nov 27 22:56 .ssh/
[test@server1 ~]$
[test@server1 ~]$ ls -lrt .ssh/
total 4
-rw-r–r– 1 test test 412 Nov 27 22:55 authorized_keys
[test@server1 ~]$
[test@server1 ~]$
Note in Server2 : you should login with root user here
check sshd configuration:
vi /etc/ssh/sshd_config (on the Linux box)
RSAAuthentication yes
PubkeyAuthentication yes
vi /etc/ssh/sshd_config (on the Linux box)
RSAAuthentication yes
PubkeyAuthentication yes
/etc/init.d/sshd reload
or
/etc/init.d/sshd restart
or
/etc/init.d/sshd restart
Now logout from Server2 and try to ssh from Server1 to Server2,it should not ask passwd for login.
[test@server1 ~]$ ssh test@server2
No comments:
Post a Comment