Sunday, April 15, 2012

Step by Step :: Password less ssh login


First, we will see how to install OpenSSH on your Ubuntu machine.
1) Type the following command in your console:
$ sudo apt-get install openssh-server openssh-client
 
2) Once it is installed, check whether the sshd daemon is running on your system.

$ ps -ef | grep ssh
root 3878 1 0 23:26 ? 00:00:00 /usr/sbin/sshd -D


3) Now you are ready to use the ssh connection. Let's test the ssh connection to localhost itself.

$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is 99:4c:e7:56:8e:ec:81:67:87:95:38:26:35:01:a1:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
kamaraj@localhost's password:


Now provide the password for your user account, and you will be logged in to the system (in this case, localhost).

4) How do you set up password-less connectivity?

5) Create a public key and a private key for the host using the command below.

# Go to the home directory and execute the ssh-keygen command below
$ cd
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kamaraj/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kamaraj/.ssh/id_rsa.
Your public key has been saved in /home/kamaraj/.ssh/id_rsa.pub.
The key fingerprint is:
16:fc:a9:bc:d9:fe:f1:12:0f:05:88:04:b4:8c:5b:97 kamaraj@Kamaraj
The key's randomart image is:
+--[ RSA 2048]----+
| .oo.. . |
| o o... . |
| . + E . |
| o . o . . |
| . S o . |
| o . o |
| o .+ |
| + .o. |
| o.o.... |
+-----------------+


6) A .ssh folder has now been created in your home directory, with some files inside it.
Note: .ssh is a hidden folder.
 
kamaraj@Kamaraj:~/.ssh$ ls -lrt
total 16
-rw-r--r-- 1 kamaraj kamaraj 1106 Nov 10 23:26 known_hosts
-rw-r--r-- 1 kamaraj kamaraj 397 Nov 10 23:28 id_rsa.pub
-rw------- 1 kamaraj kamaraj 1675 Nov 10 23:28 id_rsa
~/.ssh/id_rsa : private or identification key
~/.ssh/id_rsa.pub : public key


7) Create a new file called authorized_keys2 in the .ssh folder and copy the contents of id_rsa.pub into it.
 
cat id_rsa.pub >> authorized_keys2

That's all. Now try the ssh command.

$ ssh localhost
Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-12-generic i686)
 
* Documentation: https://help.ubuntu.com/
 
Last login: Thu Nov 10 23:48:00 2011 from localhost
$

This time the ssh command didn't ask for the password.

If you want to connect to some other machine, scp the id_rsa.pub file to the destination machine and put it under the .ssh folder with the name authorized_keys2.


or



Execute these two commands:
ssh-keygen
ssh-copy-id user@host
After the key is copied, ssh into the machine as normal:
ssh user@host
You can now log in without entering a password from the particular machine you executed the commands on.
Example
not-marco@rinzwind-desktop:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/not-marco/.ssh/id_rsa):
Created directory '/home/not-marco/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/not-marco/.ssh/id_rsa.
Your public key has been saved in /home/not-marco/.ssh/id_rsa.pub.
The key fingerprint is:
b1:25:04:21:1a:38:73:38:3c:e9:e4:5b:81:e9:ac:0f not-marco@rinzwind-desktop
The key's randomart image is:
+--[ RSA 2048]----+
|.o= . oo. |
|*B.+ . . |
|*=o . o . |
| = . = |
|. o S |
|E. |
| o |
| . |
| |
+-----------------+
not-marco@rinzwind-desktop:~$ ssh-copy-id not-marco@127.0.0.1
not-marco@127.0.0.1's password:
Now try logging into the machine, with "ssh 'not-marco@127.0.0.1'", and check in:

~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
Explanation
This assumes you already have successfully connected to your server via SSH.
You'll need to generate an SSH key pair, which allows you to identify yourself without using a password. You can opt to protect the keys with a passphrase if you wish, but this can be left blank, allowing totally password-less SSH access.
First, create your SSH key pair by running ssh-keygen. This will create an id_rsa and an id_rsa.pub file. The pub file is what goes on the servers; the private key (id_rsa) is what stays with you and is how you identify yourself.
Next, copy the public key to your server with ssh-copy-id user@server, replacing user with your remote user and server with the machine's DNS name or IP address. It will prompt for your SSH password; enter it, and if all completes successfully you'll be able to access the machine via ssh user@server without needing a password.
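
The manual append in step 7 and ssh-copy-id both end with your public key in a file under ~/.ssh on the target machine. The script below is an added example, not part of the original post: it installs a key without duplicating it and checks the permissions that sshd and the ssh client enforce. The function names install_pubkey and audit_ssh_dir are made up for this example, and it assumes GNU stat (as on Ubuntu).

```shell
#!/bin/sh
# Added example, not from the original post. Run on the machine you log in TO.

# install_pubkey PUBFILE [SSH_DIR]
# Safer replacement for "cat id_rsa.pub >> authorized_keys": validates the
# input, fixes permissions, and does not append the same key twice.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys   # assumption: the file name ssh-copy-id reports
    # Accept exactly one "<type> <base64> [comment]" line, so a private key
    # or an arbitrary file is never pasted into authorized_keys.
    if [ "$(grep -c . "$pub")" != 1 ] ||
       ! grep -Eq '^(ssh|ecdsa|sk)-[a-z0-9@.-]+ [A-Za-z0-9+/=]+( |$)' "$pub"; then
        echo "not a single public key: $pub" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if the key is not there yet
    grep -qxF "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# audit_ssh_dir [SSH_DIR]
# Prints one line per problem and returns 1 if any was found.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    bad=0
    # With StrictModes (the sshd default), authorized_keys is ignored when the
    # file or ~/.ssh is writable by group or other, so key login fails.
    for f in "$dir" "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -e "$f" ] || continue
        mode=$(stat -c %a "$f")
        case $mode in
            *[2367]?|*[2367]) echo "group/other-writable ($mode): $f"; bad=1 ;;
        esac
    done
    # The ssh client refuses a private key that group or other can access.
    for f in "$dir"/*; do
        [ -f "$f" ] && grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null || continue
        case $(stat -c %a "$f") in
            *00) ;;
            *) echo "private key accessible to others: $f"; bad=1 ;;
        esac
    done
    return $bad
}
```

After copying id_rsa.pub to the destination machine with scp, call install_pubkey on it there, then run audit_ssh_dir to confirm nothing under ~/.ssh is too open.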
