Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSH Install and Config Cookbook - ssh with no password

Books

SSH Install and Config Cookbook - ssh with no password

by  rkirkw  Posted    (Edited  )
Caveat: This may not be the absolute most secure method, but it works well when all boxes are behind the same firewall.
Would not suggest the empty passphrase on boxes exposed directly to the internet.


Install ssh software on your server:

[root@smallbox] / > swinstall -s bigbox:/var/opt/ignite/depot T1471AA


ssh to Master server to get itÆs key fingerprint into your /.ssh/known_hosts file:

[root@smallbox] / > ssh bigbox
The authenticity of host 'bigbox (10.10.10.##)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bigbox,10.10.10.##' (RSA) to the list of known hosts.
Password:
Last login: Fri May 28 05:01:15 2004 from medbox

[root@bigbox] / >

ssh from Master server to get your key fingerprint into itÆs /.ssh/known_hosts file:

[root@bigbox] / > ssh smallbox
The authenticity of host 'smallbox (10.10.10.##)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'smallbox,10.10.10.##' (RSA) to the list of known hosts.
Password:
Last login: Fri May 28 08:42:50 2004 from bigbox
[root@smallbox] / >

Log off of your server and then off of Master server to get back to original login shell:

[root@smallbox] / > exit
[root@bigbox] / > exit
[root@smallbox] / >

CD to the /.ssh directory on your server:

[root@smallbox] / > cd .ssh
[root@smallbox] /.ssh >

Generate public/private dsa key pairs:
Use empty passphrase

[root@smallbox] /.ssh > ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_dsa.
Your public key has been saved in //.ssh/id_dsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@smallbox

Generate public/private rsa key pairs:
Use empty passphrase

[root@smallbox] /.ssh > ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@smallbox

Copy Master serverÆs public key to your server:

[root@bigbox] /.ssh > scp id_dsa.pub smallbox:/.ssh/bigbox_dsa_pub
Password:
id_dsa.pub 100% 603 0.0KB/s 00:00


Add Master serverÆs public key to your servers /.ssh/authorized_keys :

[root@smallbox] /.ssh > cat bigbox_dsa_pub >> /.ssh/authorized_keys

ssh will ignore /.ssh/authorized_keys unless it is readable only by you:

[root@smallbox] /.ssh > chmod 600 /.ssh/authorized_keys

You should now be able to ssh from Master server to your server without a password:

[root@bigbox] /.ssh > ssh smallbox
Last login: Fri May 28 09:25:04 2004 from bigbox

Value of TERM has been set to "dtterm".
WARNING: YOU ARE SUPERUSER !!

[root@smallbox] / >

[root@smallbox] / > exit

[root@bigbox] /.ssh >
Register to rate this FAQ  : BAD 1 2 3 4 5 6 7 8 9 10 GOOD
Please Note: 1 is Bad, 10 is Good :-)

Part and Inventory Search

Back
Top