
Monday 28 November 2011

ssh without password


Optional
Advanced

Security implications (the key pair below is created with an empty passphrase); not recommended for everyone.
Prerequisite:
Install Cygwin on a Windows machine.

On the Windows machine, generate an RSA key pair (public key and private key):
Double-click the Cygwin icon; when the black screen pops up, type:
ssh-keygen -t  rsa
Enter file in which to save the key (/home/username/.ssh/id_rsa): just hit Enter
Enter passphrase (empty for no passphrase): just hit Enter
Here is a diagram of some of the possible topologies of your internal network.
Copy your public key to a Linux machine with sshd running
scp  .ssh/id_rsa.pub  username@remotehost:~
(remotehost can be a host name or an IP address; substitute username with the actual user logon)
ssh  username@remotehost
mkdir  .ssh

If the file ~/.ssh/authorized_keys exists, you probably don't want to destroy that file, so append to it:
cat  id_rsa.pub  >> .ssh/authorized_keys
If the file ~/.ssh/authorized_keys does not exist, do:
mv  id_rsa.pub   .ssh/authorized_keys
Copy your public key to an LRP box with sshd running
If the file /root/.ssh/authorized_keys already exists on the remotebox, you probably don't want
to destroy it. In that case, do the following (remotebox can be a host name or an IP address):
scp  .ssh/id_rsa.pub   root@remotebox:/root/.ssh/newkey
ssh  root@remotebox
cd   /root/.ssh
cat  newkey  >>  authorized_keys
(this appends newkey to authorized_keys)
(If you like, make the keys permanent by typing lrcfg and backing up root.)
If the file /root/.ssh/authorized_keys does not exist on the remotebox:
(also make sure that the /root/.ssh directory exists on the LRP box; if not, create it like this)
ssh  root@remotebox
cd   /root
mkdir .ssh

Now copy the RSA public key to the LRP box:
scp  .ssh/id_rsa.pub  root@remotebox:/root/.ssh/authorized_keys
Test the RSA key-authentication scheme from the Windows machine:
ssh  username@remotehost  (to a Linux machine) or
ssh  root@remotehost   (to a LRP box)
(remotehost can be a host name or an IP address)
You should be able to log in to the remote host without typing a password.
pwd
shows you that you are in   /home/username (Linux box) or in  /root  (LRP box)
If the above is not successful, check the sshd configuration:
vi   /etc/ssh/sshd_config  (on the Linux box)
RSAAuthentication   yes
PubkeyAuthentication  yes
or
ae  /etc/ssh/sshd_config   (on the LRP box)
RSAAuthentication   yes
PubkeyAuthentication  yes
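
Besides sshd_config, key login commonly fails because ~/.ssh or authorized_keys is group/world-writable, or because the appended key line is malformed or run together with the previous one. The function below is an added example, not part of the original page: it performs the "append to authorized_keys" step from the Linux and LRP sections idempotently and with restrictive modes. The name install_pubkey and its two arguments are illustrative, and it assumes a POSIX shell with standard grep and tail on the remote host.

```shell
#!/bin/sh
# Added example: install one public key idempotently, with the modes sshd expects.
# install_pubkey and its arguments are illustrative names, not from the page.
# On the remote host, after the scp step:  install_pubkey ~/id_rsa.pub ~/.ssh

install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # Refuse a private key copied by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # Expect exactly one line of the form "type base64 [comment]".
    if [ "$(grep -c '' "$pub")" != 1 ] ||
       ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$' "$pub"; then
        echo "refusing: $pub is not a single public key line" >&2
        return 1
    fi

    # With StrictModes (the sshd default), keys are rejected when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # An existing last line without a newline would swallow the appended key.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append only when the exact line is absent, so re-running adds no duplicate.
    if ! grep -qxF -- "$(cat "$pub")" "$auth"; then
        cat "$pub" >> "$auth"
    fi
}
```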

© 2002-2004 Nicholas Fong
Last revision date:  September 13, 2004