How to enable passwordless authentication through SSH in Linux/Unix Servers
When we manage numerous servers, it is very difficult for an administrator to remember the password of each server. Another advantage of passwordless authentication is automation. When we run automation scripts to fetch the details of multiple remote servers, we may not be able to provide the password of each server in an effective way. Another use of it is Ansible deployment. Ansible uses passwordless authentication from the control node to the managed hosts for communication.
Below are the steps to enable passwordless authentication in Linux/Unix servers.
· Log in to the server as the user that needs to connect to other servers.
· Generate an SSH key pair with the ssh-keygen command. This command asks a few questions. Leave everything as default: just keep pressing the Enter key whenever it prompts for input.
[user@local-server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hXEtLYBW/i1lE+fuKkxz0k8fMAdVcnEe9pdkuSkTAJU user@ansible-control-node
The key's randomart image is:
+---[RSA 2048]----+
| o+o+=+ +BB|
| o. +oEo*+==|
| . o .o+ +.*|
| o + B +.|
| S o.. B |
| +.o... |
| o + o...|
| o .. .|
| .. |
+----[SHA256]-----+
[user@local-server ~]$
These key files will be available in the .ssh directory, which resides in the home directory of the user.
[user@local-server ~]$ ls -l ~/.ssh/
total 8
-rw------- 1 user user 1675 Apr 4 08:50 id_rsa
-rw-r--r-- 1 user user 407 Apr 4 08:50 id_rsa.pub
[user@local-server ~]$
· Copy the key to the remote server with the ssh-copy-id command. In the case below, my current user on local-server will connect to remote-server as user “user”. Provide the password of the remote user on the remote server when it asks for it.
[user@local-server ~]$ ssh-copy-id user@remote-server
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@remote-server's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'user@remote-server'"
and check to make sure that only the key(s) you wanted were added.
[user@local-server ~]$
If the ssh-copy-id command does not work on your system, copy the content of the id_rsa.pub file and paste it into the .ssh/authorized_keys file, which resides in the home directory of the remote user on the remote server.
For example, to connect to remote-server as user “user” from user@local-server, follow the steps below.
Copy the content which is highlighted below from the local-server of
[user@local-server ~]$ cat ~/.ssh/id_rsa.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDZai74/F4A3eNO20PTW4agnS0zjm9cF+7U1AErdufBZl2NpIziP4JpGrbM/TQV0e73/YGmb603JsE3tj5glUJMx2tT4Jl1HjylIC7FvPdHfyGcaWsoybSWlLV4rH0HmIBIGVo06Qb72OOrWPBD2ZgIywbVuPeoqYbBvf7NhlJei2Tt1V+WWRgUycbNiWIb3Q+hUdCLpBEuiOBaDtUu7XY4MpQtiRSyjxr4rlN0eh52ODH7k6rgpDQaM3OiG0v3iDPadi6ZWsoeJApDXMjLEghUMwfT2OClBk8Q4Bi3ioC8FopeAowNRqL3RMGDoavPZqrQpYOun
user@ansible-control-node
[user@local-server ~]$
And paste it into the authorized_keys file on remote-server, like below.
[user@remote-server ~]$ cat .ssh/authorized_keys
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDZai74/F4A3eNO20PTW4S0zjm9cF+7U1AErdufBZl2NpIziP4JpGrbM/TQV0e73/YGmb603JsE3tj5glUJMx2tT4Jl1HjylIC7FvPdHfyGcaWsoybSW8NlLV4rH0HmIBIGVo06Qb72OOrWPBD2ZgIyuPeoqYb+zizk9DG0eXRGBvfei2Tt1V+WWRgUycbNiWIb3Q+hUdCLpBEuiOBaDtUu7XY4MpQtiRSyjxr4rlN0eh52ODH7k6rgpDQaM3OiG0v3iDPadi6ZWsoeJApDXMjLEghUMwfT2OClBk8Q4Bi3ioC8FopeAowNRqL3RMGDoavPZqrQpYOun
user@ansible-control-node
[user@remote-server ~]$
Ensure that the permissions of the .ssh directory are 700 and those of the authorized_keys file are 600. Both the directory and the file should be owned by the user “user”, like below.
[user@remote-server ~]$ ls -ld .ssh
drwx------ 2 user user 29 Apr 4 08:53 .ssh
[user@remote-server ~]$ ls -l .ssh/authorized_keys
-rw------- 1 user user 407 Apr 4 08:53 .ssh/authorized_keys
[user@remote-server ~]$
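The manual copy and the permission check above can be combined into one repeatable step. The following POSIX shell function is an added example, not part of the original post; the name install_pubkey and its arguments are hypothetical. It rejects a key that was wrapped across lines during copy and paste, appends the key only if that exact line is not already present, and enforces the 700/600 modes.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey and its
# arguments are hypothetical names.
# Usage: install_pubkey PUBKEY_FILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A key entry must be exactly one line; a paste that wrapped the base64
    # blob across lines no longer matches the key.
    if [ "$(grep -c '' "$pubkey_file")" -ne 1 ]; then
        echo "expected a single-line public key" >&2; return 1
    fi
    key_line=$(cat "$pubkey_file")

    # Accept only "<type> <base64> [comment]"; this also rejects a private
    # key file passed by mistake.
    case $key_line in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Create directory and file with restrictive modes from the start.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1

    # If the existing file does not end in a newline, add one so the new key
    # is not glued onto the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only if this exact line is absent, so re-running is harmless.
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"

    # Enforce the modes even if the directory or file already existed with
    # looser ones.
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file"
}
```

Run it on the remote server as the remote user, so that the directory and file end up owned by that user.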
Now you should be able to log in to the server without any password, like below.
[user@local-server ~]$ ssh user@remote-server
Last login: Sat Apr 4 08:55:26 2020 from 192.168.1.71
[user@anslabsrv2 ~]$