This shows you the differences between two versions of the page.
| linux:ssh-without-password [2012-11-04 14:21] kokkez | linux:ssh-without-password [2012-11-04 14:43] (current) kokkez [3. Install public key on the remote-host] | ||
|---|---|---|---|
| Line 12: | Line 12: | ||
| Following 8 steps explains how to perform SSH and SCP from local-host to a remote-host without entering the password on openSSH system | Following 8 steps explains how to perform SSH and SCP from local-host to a remote-host without entering the password on openSSH system | ||
| - | 1. Verify that local-host and remote-host is running openSSH | + | |
| + | |||
| + | ==== 1. Verify that local-host and remote-host is running openSSH == | ||
| [local-host]$ ssh -V | [local-host]$ ssh -V | ||
| Line 20: | Line 22: | ||
| OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 | OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 | ||
| - | 2. Generate key-pair on the local-host using ssh-keygen | + | ==== 2. Generate key-pair on the local-host using ssh-keygen == | 
| [local-host]$ ssh-keygen | [local-host]$ ssh-keygen | ||
| Line 32: | Line 34: | ||
| 31:3a:5d:dc:bc:81:81:71:be:31:2b:11:b8:e8:39:a0 jsmith@local-host | 31:3a:5d:dc:bc:81:81:71:be:31:2b:11:b8:e8:39:a0 jsmith@local-host | ||
| - | The public key and private key are typically stored in .ssh folder under your home directory. In this example, it is under /home/jsmith/.sshd. You should not share the private key with anybody. | + | The public key and private key are typically stored in .ssh folder under your home directory. In this example, it is under /home/jsmith/.sshd. <wrap em>You should not share the private key with anybody</wrap>. | 
| By default the ssh-keygen on openSSH generates RSA key pair. You can also generate DSA key pair using: ssh-keygen -t dsa command. | By default the ssh-keygen on openSSH generates RSA key pair. You can also generate DSA key pair using: ssh-keygen -t dsa command. | ||
| - | 3. Install public key on the remote-host. | + | |
| + | ==== 3. Install public key on the remote-host == | ||
| Copy the content of the public key from the local-host and paste it to the /home/jsmith/.ssh/authorized_keys on the remote-host. If the /home/jsmith/.ssh/authorized_keys already has some other public key, you can append this to the end of it. If the .ssh directory under your home directory on remote-host doesn’t exist, please create it. | Copy the content of the public key from the local-host and paste it to the /home/jsmith/.ssh/authorized_keys on the remote-host. If the /home/jsmith/.ssh/authorized_keys already has some other public key, you can append this to the end of it. If the .ssh directory under your home directory on remote-host doesn’t exist, please create it. | ||
| - | [remote-host]$ vi ~/.ssh/authorized_keys | + | [remote-host]$ vi ~/.ssh/authorized_keys | 
| - | ssh-rsa ABIwAAAQEAzRPh9rWfjZ1+7Q369zsBEa7wS1RxzWR jsmith@local-host | + | ssh-rsa ABIwAAAQEAzRPh9rWfjZ1+7Q369zsBEa7wS1RxzWR jsmith@local-host | 
| In simple words, copy the local-host:/home/jsmith/.ssh/id_rsa.pub to remote-host:/home/jsmith/.ssh/authorized_keys | In simple words, copy the local-host:/home/jsmith/.ssh/id_rsa.pub to remote-host:/home/jsmith/.ssh/authorized_keys | ||
| - | 4. Give appropriate permission to the .ssh directory on the remote-host. | ||
| - | [remote-host]$ chmod 755 ~/.ssh | + | ==== 4. Give appropriate permission to the .ssh directory on the remote-host == | 
| - | [remote-host]$ chmod 644 ~/.ssh/authorized_keys | + | |
| - | 5. Login from the local-host to remote-host using the SSH key authentication to verify whether it works properly. | + | [remote-host]$ chmod 755 ~/.ssh | 
| + | [remote-host]$ chmod 644 ~/.ssh/authorized_keys | ||
| - | [local-host]$ <You are on local-host here> | + | ==== 5. Login from the local-host to remote-host using the SSH key authentication to verify whether it works properly == | 
| - | [local-host]$ ssh -l jsmith remote-host | + | [local-host]$ <You are on local-host here> | 
| - | Enter passphrase for key '/home/jsmith/.ssh/id_rsa': <Enter your passphrase here> | + | |
| - | Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102 | + | [local-host]$ ssh -l jsmith remote-host | 
| - | No mail. | + | Enter passphrase for key '/home/jsmith/.ssh/id_rsa': <Enter your passphrase here> | 
| + | Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102 | ||
| + | No mail. | ||
| + | |||
| + | [remote-host]$ <You are on remote-host here> | ||
| - | [remote-host]$ <You are on remote-host here> | + | ==== 6. Start the SSH Agent on local-host to perform ssh and scp without having to enter the passphrase several times == | 
| - | + | ||
| - | 6. Start the SSH Agent on local-host to perform ssh and scp without having to enter the passphrase several times. | + | |
| Verify whether SSH agent is already running, if not start it as shown below. | Verify whether SSH agent is already running, if not start it as shown below. | ||
| - | [local-host]$ ps -ef | grep ssh-agent | + | [local-host]$ ps -ef | grep ssh-agent | 
| - | 511 9789 9425 0 00:05 pts/1 00:00:00 grep ssh-agent | + | 511 9789 9425 0 00:05 pts/1 00:00:00 grep ssh-agent | 
| - | + | ||
| - | [local-host]$ ssh-agent $SHELL | + | [local-host]$ ssh-agent $SHELL | 
| - | + | ||
| - | [local-host]$ ps -ef | grep ssh-agent | + | [local-host]$ ps -ef | grep ssh-agent | 
| - | 511 9791 9790 0 00:05 ? 00:00:00 ssh-agent /bin/bash | + | 511 9791 9790 0 00:05 ? 00:00:00 ssh-agent /bin/bash | 
| - | 511 9793 9790 0 00:05 pts/1 00:00:00 grep ssh-agent | + | 511 9793 9790 0 00:05 pts/1 00:00:00 grep ssh-agent | 
| - | 7. Load the private key to the SSH agent on the local-host. | + | ==== 7. Load the private key to the SSH agent on the local-host == | 
| - | [local-host]$ ssh-add | + | [local-host]$ ssh-add | 
| - | Enter passphrase for /home/jsmith/.ssh/id_rsa: <Enter your passphrase here> | + | Enter passphrase for /home/jsmith/.ssh/id_rsa: <Enter your passphrase here> | 
| - | Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa) | + | Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa) | 
| Following are the different options available in the ssh-add: | Following are the different options available in the ssh-add: | ||
| - | ssh-add <key-file-name>: Load a specific key file. | + | ssh-add <key-file-name>: Load a specific key file. | 
| - | ssh-add -l: List all the key loaded in the ssh agent. | + | ssh-add -l: List all the key loaded in the ssh agent. | 
| - | ssh-add -d <key-file-name>: Delete a specificy key from the ssh agent | + | ssh-add -d <key-file-name>: Delete a specificy key from the ssh agent | 
| - | ssh-add -D: Delete all key | + | ssh-add -D: Delete all key | 
| - | 8. Perform SSH or SCP to remote-home from local-host without entering the password. | + | ==== 8. Perform SSH or SCP to remote-home from local-host without entering the password == | 
| - | [local-host]$<You are on local-host here> | + | [local-host]$<You are on local-host here> | 
| + | |||
| + | [local-host]$ ssh -l jsmith remote-host | ||
| + | Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102 | ||
| + | No mail. | ||
| - | [local-host]$ ssh -l jsmith remote-host | ||
| - | Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102 | ||
| - | No mail. | ||
| <ssh did not ask for passphrase this time> | <ssh did not ask for passphrase this time> | ||
| - | [remote-host]$ <You are on remote-host here> | ||
| - | Help me spread the news about The Geek Stuff. | + | [remote-host]$ <You are on remote-host here> | 
| - | Please leave your comments and feedback regarding this article. If you like this post, I would really appreciate if you can spread the word around about “The Geek Stuff” blog by adding it to del.icio.us or Digg through the link below. | ||
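Review bot: In the hunk at Line 12, the new step 1 heading opens with `====` but closes with `==`, and the later hunks repeat the same unbalanced pattern for the headings of steps 2 through 8. Close each heading with `====` so the markup is symmetric and the intended level is obvious to the next editor. In the same heading, "local-host and remote-host is running" should read "are running".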
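Review bot: In the hunk at Line 32/34, step 4 carries `chmod 755 ~/.ssh` and `chmod 644 ~/.ssh/authorized_keys` over with only their indentation changed, which leaves the directory and the key list readable by every local user on the remote-host. Since the section is being reworked anyway, tighten these to `chmod 700 ~/.ssh` and `chmod 600 ~/.ssh/authorized_keys`; owner-only access is all that key authentication requires. The line that gains the `<wrap em>` emphasis still gives the key location as `/home/jsmith/.sshd`, while every other path in the hunk uses `/home/jsmith/.ssh`, so correct it in the same edit. The step 8 heading also still says "remote-home" where the rest of the page says remote-host.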