Tanti Technology

My photo
Bangalore, karnataka, India
Multi-platform UNIX systems consultant and administrator in mutualized and virtualized environments I have 4.5+ years experience in AIX system Administration field. This site will be helpful for system administrator in their day to day activities.Your comments on posts are welcome.This blog is all about IBM AIX Unix flavour. This blog will be used by System admins who will be using AIX in their work life. It can also be used for those newbies who want to get certifications in AIX Administration. This blog will be updated frequently to help the system admins and other new learners. DISCLAIMER: Please note that blog owner takes no responsibility of any kind for any type of data loss or damage by trying any of the command/method mentioned in this blog. You may use the commands/method/scripts on your own responsibility. If you find something useful, a comment would be appreciated to let other viewers also know that the solution/method work(ed) for you.

Sunday 2 March 2014

SSH Login Without Password


Goal

The goal is to have an automatic login for ssh so my script doens't need any passwords in it's configuration files. Automatic login through SSH works with PKI (public key infrastructure). We want to create a public key which can be placed on the remote server user's .ssh directory.

Source Host

As the user who is going to start the script issue this command (do not enter a passphrase):
bash-3.00$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dbuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dbuser/.ssh/id_rsa.
Your public key has been saved in /home/dbuser/.ssh/id_rsa.pub.
The key fingerprint is:
52:45:7a:ca:85:70:7b:cb:f8:1f:33:7a:50:14:73:83 dbuser@dbserver.company.local

Target Host

You can add the public key to the authorized_keys file manually:
syncuser@syncserver:~/.ssh> ll
total 8
-rw-r--r-- 1 repluser users 1472 2009-01-05 17:12 authorized_keys
-rw-r--r-- 1 repluser users  250 2008-10-10 12:24 known_hosts
 
syncuser@syncserver:~/.ssh> vi authorized_keys
Or you can use this command to ssh from the source host:
cat .ssh/id_rsa.pub | ssh syncuser@swyncserver 'cat >> .ssh/authorized_keys'

Known Hosts

When you try to connect now you get a one time warning if the server is not yet in your list of known hosts:
The authenticity of host 'syncserver,10.10.10.10' can't be established.
RSA key fingerprint is 84:17:4c:27:21:53:ef:fc:6f:57:9d:48:03:c6:17:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'syncserver,10.10.10.10' (RSA) to the list of known hosts.

Authorized Key Is Ignored

If the key is ignored, as in, you still have to enter your password, it could be that the .ssh directory and or authorized key is readable/writable to others than yourself. Fix that by setting the permissions to allow only yourself (chmod 700 .ssh)

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)