To avoid supplying a username and password every time you log in to your server from a trusted machine, you can generate a public/private key pair so that this authentication step no longer happens in the foreground.
Steps involved to generate one such key pair are:
- Generate key pair (.pub and .pem)
- Pass .pub file to your server to store it in its authorized_keys file
- Keep the .pem (private key) with you; it is used whenever you log in to the server.
1) Generating the key pair
ssh-keygen -t rsa -b 2048 -v
This generates a 2,048-bit RSA key in verbose mode (questions are asked during generation), along with a public .pem X.509 certificate.
Supply what it asks for:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/anonymouse/.ssh/id_rsa):
hetzner
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in hetzner.
Your public key has been saved in hetzner.pub.
The key fingerprint is:
bb:c6:9c:ee:6b:c0:67:58:b2:bb:4b:44:72:d3:cc:a5 localhost@localhost
The key's randomart image is:
It will generate two files at the specified location (default ~/.ssh/). The files will be named id_rsa.pub and id_rsa if no name is supplied. Rename id_rsa, the file without an extension, to id_rsa.pem. This will be your private key.
Now don't forget to add the key to the ssh agent:
ssh-add keyName.pem
(Note: verify that your ssh-agent is running. If not, start it: eval `ssh-agent -s`)
2) Pass the public key to your server to make this key pair work
ssh-copy-id -i ~/id_rsa.pub root@your.server.ip
Follow the steps you see in the output of this command.
Verify that all your trusted keys are listed in the authorized_keys file on the server:
sudo nano ~/.ssh/authorized_keys
or
$ sudo cat ~/.ssh/authorized_keys
3) Test the connection now. Try logging in to your server from the client using the private key (.pem):
sudo ssh -i ~/id_rsa.pem root@your.server.ip
If you have multiple servers and passing the private key on the command line each time is tedious, then create an ssh config file. This way you can access your servers simply by SSH'ing into them by name.
SSH config
- Create the ~/.ssh/config file with the following content/template:
Host server1 server1.company.com
Hostname 12.34.56.78
User ubuntu
IdentityFile /media/11361B1123123634/server1.pem
Host server2 server2.company.com
Hostname server2.company.com
User root
IdentityFile /media/11361B1123123634/server2.pem
Host myPC myPC.local
Hostname 192.168.0.106
User mike
IdentityFile /home/mike/.ssh/id_rsa
This file is recognized by ssh and is used by other utilities like rsync as well.
Try SSH'ing now:
ssh server1
Troubleshooting:
- Permissions on the client's ~/.ssh should be dr-xr-x---:
chmod 550 .ssh
- Trouble with the key path: rsync prompts for a password when it should not.
If using rsync with sudo, it looks up the key file via /root/.ssh/config, not /home/user/.ssh/config, so be sure to copy or link this file to the correct location; otherwise ssh and scp will work fine while rsync will prompt for a password.
- Error while running ssh-add:
vagrant@vagrant-ubuntu-precise-64:~$ ssh-add ~/.ssh/id_rsa.pub
Could not open a connection to your authentication agent.
Here you might need to start ssh-agent before you run the ssh-add command:
$ eval `ssh-agent -s`
$ ssh-add
If it is not working as root, then try this:
$ exec ssh-agent bash
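As an added example (not part of the original post), a small POSIX sh script that automates the checks behind step 2, the config file and the permission item above: it confirms a public key is really present in a server's authorized_keys, confirms the private key is readable only by its owner, and writes and reads back a Host block in the layout of the config template. All file names, key material and addresses in it are constructed samples, and the config parser is a simplified one that only matches exact aliases.

```shell
#!/bin/sh
# Added example, not from the original post: checks for the steps above.
# Every path and file content here is a constructed sample.

# 0 if the key material (type + base64 blob) of public key file $1 is present
# in authorized_keys file $2; key comments and '#' lines are ignored.
pubkey_authorized() {
    key=$(awk 'NR == 1 { print $1 " " $2 }' "$1")
    [ -n "$key" ] || return 2
    grep -v '^#' "$2" | grep -Fq -- "$key"
}

# 0 if private key file $1 has no group/other permission bits set (ssh rejects
# a private key that others can read). Parses ls -l so it needs no stat(1).
privkey_protected() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Append a Host block in the layout of the ~/.ssh/config template above.
# $1 config file, $2 alias(es), $3 hostname, $4 user, $5 identity file
add_ssh_host() {
    printf 'Host %s\n    Hostname %s\n    User %s\n    IdentityFile %s\n\n' \
        "$2" "$3" "$4" "$5" >> "$1"
}

# Print the IdentityFile of the first Host block in config $1 whose aliases
# include $2 (simplified: exact alias match, no wildcards or Match blocks).
ssh_config_identity() {
    awk -v alias="$2" '
        $1 == "Host" { hit = 0; for (i = 2; i <= NF; i++) if ($i == alias) hit = 1 }
        hit && $1 == "IdentityFile" { print $2; exit }' "$1"
}

# Build a constructed client/server layout in a temp dir and run both checks
# against it; returns 0 only if every check passed.
demo() {
    d=$(mktemp -d) && umask 077
    printf 'ssh-rsa AAAAB3NzaC1yc2EFAKEKEYFORDEMO== anonymouse@localhost\n' > "$d/hetzner.pub"
    printf 'constructed private key material, not a real key\n' > "$d/hetzner.pem"
    { echo '# constructed server-side authorized_keys'; cat "$d/hetzner.pub"; } > "$d/authorized_keys"
    add_ssh_host "$d/config" "hetzner hetzner.example.net" 203.0.113.10 root "$d/hetzner.pem"
    ok=0
    pubkey_authorized "$d/hetzner.pub" "$d/authorized_keys" && echo "public key installed: yes" || ok=1
    privkey_protected "$(ssh_config_identity "$d/config" hetzner)" && echo "private key mode ok: yes" || ok=1
    rm -rf "$d"
    return $ok
}
```

Point pubkey_authorized at a real .pub and a copy of the server's authorized_keys to confirm ssh-copy-id did its job before testing the login.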
---------------------
Reference:
http://www.beginninglinux.com/home/server-administration/openssh-keys-certificates-authentication-pem-pub-crt