SSH Tutorial

From Alteeve Wiki

Note: This needs work.


Password-less Inter-server Communication

This shows how to have two servers accept each other's SSH keys without the need for passwords. Among other things, this lets you shuffle data between the two servers securely using 'rsync'.

Scope

This is meant to be a dead-simple example of how to create a shared key to avoid the need for passwords. Nothing more. In the same vein, it is expected that you understand the potential security implications of doing so.

What to do

On the source machine, as the user who will make the ssh call, run:

ssh-keygen -t rsa

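Accept the default values for the prompts. The default passphrase is empty, which leaves the private key unencrypted on disk; that is what allows later logins to proceed without any prompt.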

You should now see two new files: '~/.ssh/id_rsa' (the private key) and '~/.ssh/id_rsa.pub' (the public key). Open the public key file:

cat ~/.ssh/id_rsa.pub

It should output something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArp8VPicZjSglhDI7NhzwdGH6/tHPPk1uKJ6fBCWSoCA/nVyuPvah2wdNKfHBmdG0iDUG49mSIAX71UdPZrLKuOjCks79bCdMSj+Zea5c61RMB0w2GuhY+wAKM+C+GjYvB6j+Ft2jRKw3YoVVmYBf/iW9oBuOH9dIBAIAfOpd3TrJJef+1JmkPVfU3dnn5K+ZfDZNv+7z2Fa2UznOXWkEN/tdqdXTp5X7UJH8gOVHQky5DPgtev7a0u+Emayd4UzHhgfY4pIfB3g46NpvN36GGwdIA3FdwlYUgmXqTpJnyPFlWpKPcnDTlrdcHhgoejvOe6M4HqykxoL49ok1QCEEkQ== digimer@lework

(Yes, that is my real public key... It won't do you much good though. ;) ).

Copy the output and then ssh normally into the remote machine.

ssh someuser@somehost

Once you've logged in with the password, create/edit the ~/.ssh/authorized_keys file:

vim ~/.ssh/authorized_keys

Paste the contents of your ~/.ssh/id_rsa.pub file on a new line. Save the file and then log out of the remote host. You should now be able to reconnect exactly as you did a moment ago, but this time you will not be prompted for a password.

You can copy this public key into as many destination machines/users as you would like.
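
The paste step above can also be scripted on the destination host. The function below is an added example, not part of the original wiki page: it appends a public key to authorized_keys only once and sets the owner-only permissions sshd expects. The name install_pubkey, its optional directory argument and the sample key line are assumptions made for illustration.

```shell
# install_pubkey PUBFILE [SSH_DIR]  (hypothetical helper, not from the wiki page)
# Run on the destination host as the user who should accept the key.
# SSH_DIR defaults to ~/.ssh; pass a scratch directory to try it safely.
install_pubkey() {
    pubfile=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    # Only id_rsa.pub belongs here; id_rsa has a PEM "PRIVATE KEY" header.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 1
    fi

    # A public key is one line: key type, base64 blob, optional comment.
    key=$(head -n 1 "$pubfile")
    case $key in
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|ecdsa-sha2-*" AAAA"*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) ignores authorized_keys when
    # ~/.ssh or the file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        # Start a new line if the file does not end with one.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi
    return 0
}

# Demo in a scratch directory, using a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedSampleNotARealKey demo@source' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run adds nothing
ls -la "$demo/.ssh"
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

Called with only the public key file as its argument, the function writes to the real ~/.ssh/authorized_keys of the user running it.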

A Note

Keys you generate will only work when connecting from the source computer as the user who created the key. For example, if you create the key as root and then try to connect as someuser, the key will not be used. You would need to create another key as someuser.

Likewise, where you put the public key on the destination server will define which user you can connect as on the remote machine.

 

© Alteeve's Niche! Inc. 1997-2024   Anvil! "Intelligent Availability®" Platform