UnixServerAdmin

Server Administration & Management

ssh-keygen: SSH login without using Password

System-1 :- 192.168.1.5
System-2 :- 192.168.1.10

ssh-keygen creates the public and private keys

ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file and also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

Step 1: Create public and private keys using ssh-key-gen on local-host –> 192.168.1.5

192.168.1.5# ssh-keygen -t rsa

Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): [Enter key]
Enter passphrase (empty for no passphrase): [Enter key]
Enter same passphrase again: [Enter key]
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is: 93:58:20:56:72:d7:bd:14:86:9f:42:aa:82:3d:f8:e5 root@192.168.1.5

Step 2: Copy the public key to remote-host –> 192.168.1.10 using ssh-copy-id

192.168.1.5# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.1.10

root@192.168.1.10’s password:
Now try logging into the machine, with “ssh ‘192.168.1.10’”, and check in:

.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

Note: ssh-copy-id appends the keys to the 192.168.1.10’s .ssh/authorized_key.

Step 3: Login to remote-host without entering the password

192.168.1.5# ssh 192.168.1.10
Last login: Sun Nov 16 17:22:33 2011 from 192.168.1.5
[Note: SSH did not ask for password.]

192.168.1.10#

[Note: You are on remote-host here]

Advertisements

January 1, 2012 - Posted by | Security, SSH, Tips & Tricks | , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: