Passwordless SSH access is useful for automation scripts that run without user intervention.
For this to work, the remote SSH server needs to be able to identify the SSH client. This is where the “~/.ssh/authorized_keys” file comes into the picture. The idea is to generate an RSA key pair on the client and copy its public key into the “~/.ssh/authorized_keys” file on the remote server. If everything is done correctly, the remote SSH server can then identify the SSH client that holds the matching RSA key and allow a passwordless SSH connection.
The example below uses two operating systems for testing: the local client runs CentOS and the remote server runs Ubuntu. A normal SSH login, as shown below, requires the user to enter a password.
[leorick@localhost ~]$ ssh leorick@192.168.100.17
leorick@192.168.100.17's password:
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.11.0-25-generic x86_64)
...
Your Hardware Enablement Stack (HWE) is supported until April 2025.
Last login: Fri Aug 27 04:49:52 2021 from 192.168.100.223
leorick@ubuntu:~$
First, generate the key pair (which includes "id_rsa.pub") on the local CentOS client by issuing the “ssh-keygen -t rsa” command.
[leorick@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/leorick/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/leorick/.ssh/id_rsa.
Your public key has been saved in /home/leorick/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+7Ar4vN/uQlYinKVgP/UifRWYqGOaT+sysMST0vZbz0 leorick@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| . |
| . o |
| . . o o . |
| . * * + |
| o= * S |
|. +..B = . |
| *.oo.B + . |
|..=o=.o. =o. |
| .o=o+E++o+. |
+----[SHA256]-----+
Next, send the “id_rsa.pub” file to the remote Ubuntu server using any method available. The example below sends the file using SCP.
[leorick@localhost ~]$ scp /home/leorick/.ssh/id_rsa.pub leorick@192.168.100.17:/home/leorick/.ssh/
leorick@192.168.100.17's password:
id_rsa.pub 100% 583 1.0MB/s 00:00
[leorick@localhost ~]$
On the remote Ubuntu server, copy the content of the “id_rsa.pub” file into the “~/.ssh/authorized_keys” file in the home directory of the user you are going to log in as.
leorick@ubuntu:~/.ssh$ pwd
/home/leorick/.ssh
leorick@ubuntu:~/.ssh$ cat id_rsa.pub
ssh-rsa ... leorick@localhost.localdomain
leorick@ubuntu:~/.ssh$ cat id_rsa.pub >> authorized_keys
Now the login can be done without a password.
[leorick@localhost ~]$ ssh leorick@192.168.100.17
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.11.0-25-generic x86_64)
...
Your Hardware Enablement Stack (HWE) is supported until April 2025.
Last login: Fri Aug 27 04:50:57 2021 from 192.168.100.223
leorick@ubuntu:~$
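An added example, not part of the original post: a shell helper for the server-side step above that appends the public key rather than overwriting “authorized_keys”, skips duplicates, refuses a private key, and sets the permissions that sshd's StrictModes check expects. The function name install_pubkey and the sample key are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). install_pubkey is a
# hypothetical helper name; the key in the demo is a constructed sample.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse private keys: only the .pub half should ever leave the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2
        return 2
    fi

    # First line shaped like "<key-type> <base64> [comment]"; only the
    # common key types are accepted in this example.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }

    # With StrictModes (the sshd default), authorized_keys is ignored when
    # the directory or file is writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append with >> so existing keys survive; skip if already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}

# Demo on constructed data in a scratch directory (no real account touched).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE leorick@localhost.localdomain' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # first run adds the key
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run is a no-op
rm -rf "$demo"
```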