I have two server
server1
server2
want to login server 2 from server 1,I added both pub key (ssh_host_rsa_key.pub) in one another server in .ssh/authorized_keys.
when i run #cd /etc/ssh;ls -ltr able to see below file
sshd_config
ssh_config
moduli
ssh_host_key.pub
ssh_host_key
ssh_host_rsa_key.pub
ssh_host_rsa_key
ssh_host_dsa_key.pub
ssh_host_dsa_key
Host keys ssh_host_rsa_key.pub are stored automatically by ssh in known_hosts files; they are not intended to be managed by the user.
The authorized_keys is intended for user identity files. What you really want to do is to use ssh-keygen to generate an identity file representing you:
ssh-keygen -t ecdsa
Two identity files are generated: the private key id_ecdsa and the public key id_ecdsa.pub. Copy the public key into server2's .ssh/authorized_keys.
If you created a passphrase for your identity files, that's what you will be using from now on. Otherwise, your login will be password-less.
Related
I have a sftp server on linux machine A and I want to access it via password-less authentication to connect from machine B. So I created a ssh key pair on machine B but I'm not sure how to copy that pub-key to the sftp server. Both machines are centos7 machines. Can someone please shed some light on how to copy a file to the sftp server with a command or script that will allow password-less authentication to the sftp server (server A)?
Arun, in order for public-key/private-key authorization to work on Linux, there are a few formalities regarding the keys that need to be observed. Primarily the permissions and the file that contains the public key from Server B on Server A.
First on Server B, generate your public and private keys with, e.g. ssh-keygen -t rsa. This will create ~/.ssh/id_rsa (your private key) and ~/.ssh/id_rsa.pub (your public key) with the default length (generally 2048 bytes). The permissions on your private key must be 0600 (e.g. -rw-------)
(note:, you can choose to generate an ecdsa type key if you need, but do not use dsa as use of dsa keys has been deprecated and their use is generally disabled by default on current versions of openssh)
In order to login without password to Server A, your public key must be copied to Server A and it must be appended to (or copied to if it is the first key) ~/.ssh/authorized_keys file on Server A. The directory permissions for ~/.ssh on Server A must be 0700 (e.g. drwx------)
(note: the other file permissions can be 0644)
The easiest way to get this all done from Server B is, after generating your key, is to scp (or rsync) your public key to Server A, either directly as ~/.ssh/authorized_keys if you have no other keys on Server A, or by copying your public key to Server A and using cat and redirection (in append, not truncate/replace, mode) add your public key to the existing ~/.ssh/authorized_keys file there, e.g.
If you have NO other public keys on Server A
scp ~/.ssh/id_rsa.pub Server_A:~/.ssh/authorized_keys
If you are Adding to existing ~/.ssh/authorized_keys on Server A
scp ~/.ssh/id_rsa.pub Server_A:~/.ssh/id_rsa.pub.B
ssh Server_A "cat ~/.ssh/id_rsa.pub.B >> ~/.ssh/authorized_keys"
(note: that ".B" was appended to the public key name when copying to Server A to prevent overwriting any existing id_rsa.pub on Server A. You can now delete ~/.ssh/id_pub.rsa.B on Server A -- it is now in ~/.ssh/authorized_keys`)
That's it. Now ssh Server_A from Server B should work without a password. (everything that relies on ssh works without a password between Server B and A as well, e.g. scp, rsync, etc...) If you have any problems, use ssh -vv Server_A to get debugging output of where the authentication fails.
One way you could do this is
$ scp <path to local file> <server address:server path>
or you can use
$ put <path to local file> <server address: server path>
I'm trying to set up an ssh connection from ServerA to ServerB without password, and the ssh connection keeps asking me for the passphrase of my private key.
Here is my configuration:
ServerA
The /home/user/.ssh folder has a CHMOD: rwx------, and is owned by user:user
The files /home/user/.ssh/id_rsa.pub and /home/user/.ssh/id_rsa have a CHMOD: -rw------- and are owend by user:user
ServerB
I created a user serverA on the ServerB.
The folder /home/serverA/.ssh has a CHMOD: drwx------ and is owned by serverA:serverA
The file /home/serverA/.ssh/authorized_keys contains the public key of the user on the ServerA, and has a CHMOD: -rw-r-----
In the file /etc/ssh/sshd_config I added the following lines:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
However, when I am on ServerA and I try to type:
ssh ServerA#ServerB, it asks me for the passphrase of my private key. When I give it, I get connected.
Do you know how I could do to avoid typing the passphrase of ServerA every time?
When you run ssh-keygen, you must have given the certificate a pass phrase. To not have to enter a pass phrase just press enter on that question to set an empty one when.
You can use ssh-agent, which will "remember" your passphrase for specified time. In short:
eval `ssh-agent` # start ssh-agent
ssh-add /path/to/your.key # remeber the key
ssh ServerA#ServerB # will not ask for a passphrase
for more information, check more questions about ssh-agent or its manual page.
Can we setup a password less authentication between two different uses in two machine.
Eg: Computer A has user A,Computer B has user B.
Can we setup passwords ssh that User A from Computer A to log into computer B using his User account(A).
Thank you!!
If I understand your question, can you set up ssh-keys to allow user A and user B to log into to two different computers A & B without providing a password? Sure, but user A can't log into user B's account via ssh any more than user A can log into user B's account on a local machine. (directory ownerships are different for the $HOME, etc.. That's what su is for).
To create a password less login, let's take user A and computer A who has an account on computer B and would like to ssh hostnameB and login without providing a password.
(1) user A creates a public_key and private_key on computer A with ssh-keygen -t ecdsa (for an ecdsa encryption key. dsa keys are no longer supported due to insecurity in the current openssh). When ssh-keygen is run it will create two files (by default in $HOME/.ssh). The keys are id_edcsa (the private key) and id_ecdsa.pub (the public key).
(2) for user A to login to computer B without a password, he must first transfer his public_key to computer B and add it to his $HOME/.ssh/authorized_keys file on computer B. e.g. from computer A:
$ ssh-keygen -t ecdsa # generate key-pair
$ cd ~/.ssh # verify private and public keys created
$ rsync -a id_ecdsa.pub hostnameB:~/.ssh/id_ecdsa.pub.hostA
password: enter pw
$ ssh hostnameB
password: enter pw
$ cd ~/.ssh
$ cat id_dsa.pub.hostA >> authorized_keys # permissions must be 0600
$ exit # exit hostnameB
note: above you could rsync the public_key directory to the computer B ~/.ssh/authorized_keys file if you are sure one does NOT already exist to save time a completely skip the last step copying the transferred file into it above. e.g.
$ rsync -a id_ecdsa.pub hostnameB:~/.ssh/authorized_keys
(you may have to check permissions on computer B afterwards)
Now for the test, user A should no longer need a password to long into computer B. From computer A:
$ ssh hostnameB
$ welcome to hostnameB>
Now you simply repeat the process of creating key-pairs for each user and transferring the public_key to the host you want to access w/o a password and add the public_key to the authorized_keys file. (note: you can just copy the same private_key to everyone's ~/.ssh directory and add the same public_key to everyone's ~/.ssh/authorized_keys file, but that sort of defeats the purpose of having separate keys). note: each authorized_keys file must be owned by the user owning the $HOME/.ssh directory and the file permissions must be 0600 (-rw-------) or sshd will not allow a connection.
That's all there is to it (you can check in /etc/ssh/sshd_config to insure the name of authorized_keys file has not been changed to something else.
Give it a try and let me know if you have questions. I done it hundreds of times -- no issues as long as your follow those rules.
I am new to Ubuntu-Linux,i have to create a ssh user in remote system and generate its key. and access this system by key_file through the command.
ssh -i key_file user#host
Can any body tell me how can i do ?
On the system you are trying to connect to, the public key (usually id_rsa.pub or something similar) needs to be added to the authorized_keys file.
If the user is brand new and the authorized_keys file doesn't exist yet, this command will create it for you.
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Next just make sure sshd is running on the host and you should be able to connect with the command you posted.
on remote-server-
ssh-keygen
ssh-copy-id user#host
cd .ssh
make a copy of the file id_rsa and give any body who want to access this server/system.
on the other system
ssh -i id_rsa user#host
If you want to connect to another host as user "user", what you need is the public key of the user that is going to open that connection, i.e. the user you are logged in on your desktop computer or some server you are coming from, not for the user, you are logging in to on the remote host.
You can check, if the keys for your current user are already created in $HOME/.ssh; there you should find something like "id_rsa" and "id_rsa.pub" (for rsa keys). If they don't exist, you create them by calling
ssh-keygen -t rsa
The public key that is generated that way, id_rsa.pub in this example, has to be put in a file ${HOME of user on remote host}/.ssh/authorized_keys on the target host.
If this file does not exist on the remote host or if even .ssh does not exist, you have to create those files with the following permissions:
.ssh 700
.ssh/authorized_keys 600
See http://www.openssh.com/faq.html#3.14 for details.
A detailed description of the process can be found here:
https://help.github.com/articles/generating-ssh-keys/
i need to make passwordless login for same linux server with same user.
[airwide#eir ~]$ hostname -i
10.3.7.73
[airwide#eir ~]$ ssh airwide#10.3.7.73
airwide#10.3.7.73's password:
how can make to passwordless for same server?
Password-free login via SSH is managed using SSH keys. You can generate a keypair using the command ssh-keygen. The ssh keypair is usually stored in ~/.ssh in a pair of files named id_rsa and id_rsa.pub. When you use SSH to connect to a server, the SSH command will look for a private key in ~/.ssh/id_rsa, and will attempt to authenticate using that key. In order to authorize the key, you will need to place the public key into your authorized_keys file:
`cat ~/./ssh/id_rsa.pub >> ~/.ssh/authorized_keys`
Once you've done that, you will be able to use SSH to connect without a password from the server where the id_rsa file is to the server that has the content of id_rsa.pub in its authorized_keys file. (You can do this for same-server, as in your question, or between multiple servers. Either way, it's the same process.)
Add server's private key in known host key under .ssh folder.
You are looking for ssh keys. You can create one by entering ssh-keygen. This wil create a public key and a private key. You place the public key on the remote server, and then you can use SSH without a password.
More details, and howto:
https://wiki.archlinux.org/index.php/SSH_keys