[SOLVED] Using ssh keys for no-password logins


    I was helping a client set up ssh with public/private keys between two servers, so that they could use ssh, scp and sftp without having to enter passwords. This was primarily so that they could script a secure file transfer between the two servers. Below are the steps taken to set everything up.

    Note: the usernames and passwords have been changed, to ensure the systems remain secure. I've provided dummy keys below for reference.

    First, we need to log in to the client machine (the one that starts the ssh/scp/sftp connections) and create an ssh key pair. When it prompts for a password for the key, just press enter (don't enter one). While this does reduce the security of the implementation, it ensures that automated processes don't need passwords when connecting from client to server.

    Code:
    freddy:~ cwplough$ ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/cwplough/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/cwplough/.ssh/id_dsa.
    Your public key has been saved in /home/cwplough/.ssh/id_dsa.pub.
    The key fingerprint is:
    23:30:5d:45:c5:37:27:38:7e:66:2a:46:59:15:3a:f8 [email protected]

    Next, we'll take a quick look at the ssh public key, just to see what it contains.

    Code:
    freddy:~ cwplough$ cd .ssh
    freddy:~/.ssh cwplough$ more id_dsa.pub
    ssh-dss 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 [email protected]

    Once we've verified that it exists, we can copy it over to the server(s) that we want to login to without passwords.

    Code:
    freddy:~/.ssh cwplough$ scp id_dsa.pub [email protected]:~/

    Next, log in to the server, so that we can put the ssh key into place.

    Code:
    [email protected] [~]# mkdir .ssh   #if the directory already exists, you can skip this step.
    [email protected] [~]# cat id_dsa.pub >> .ssh/authorized_keys
    [email protected] [~]# cd .ssh
    [email protected] [~/.ssh]# ln -s authorized_keys authorized_keys2

    Next, ensure the permissions of the authorized_keys* files are 644 - if they are more relaxed than this, OpenSSH will notice and you'll continue to get prompted for a password.

    Code:
    [email protected] [~/.ssh]# chmod 644 authorized_keys*

    I like to verify the contents of the authorized_keys file, just in case.

    Code:
    [email protected] [~/.ssh]# cat authorized_keys
    ssh-dss 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 [email protected]

    Now, log back into the client machine and test it!

    Code:
    freddy:~ cwplough$ sftp [email protected]
    sftp>

    From this point on, you can ssh, scp and sftp into the server without a password.
    Chris Plough
    twitter.com/chrisplough
    MavenWire
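
The permission requirement in the steps above, as an added example that is not part of the original post: a POSIX shell audit that flags the file modes which make sshd (with its default StrictModes setting) ignore authorized_keys, and private keys that other users can access. The function names `has_any_bit` and `audit_ssh_perms` are hypothetical, and ownership checks are not covered.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Flags the permission problems that break or weaken the key setup above:
#   - sshd with StrictModes (default "yes") ignores authorized_keys when the home
#     directory, ~/.ssh or the file itself is group- or world-writable
#   - ssh refuses a private key that other users can access, and a key without
#     a passphrase is protected by nothing except its file mode
# Ownership, which sshd also checks, is not covered here.

# has_any_bit PATH MODE... : true if PATH has any of the octal MODE bits set.
# find -H follows a symlink named on the command line (authorized_keys2 here).
has_any_bit() {
    path=$1
    shift
    for bit in "$@"; do
        if [ -n "$(find -H "$path" -prune -perm "-$bit" -print 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ssh_perms HOME_DIR : prints one line per finding; returns 0 when clean.
audit_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys" \
             "$home/.ssh/authorized_keys2"; do
        [ -e "$p" ] || continue
        if has_any_bit "$p" 020 002; then
            echo "UNSAFE: $p is group- or world-writable"
            bad=1
        fi
    done
    for k in "$home"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        if has_any_bit "$k" 040 020 010 004 002 001; then
            echo "UNSAFE: private key $k is accessible to group or others"
            bad=1
        fi
    done
    return "$bad"
}

# Usage: audit_ssh_perms "$HOME"
```

Run it on the server account to check the authorized_keys chain and on the client account to check the passphrase-less private key.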