nixCraft Linux Forum

nixCraft

Linux Tech Support Forum

Mini How to :: How to configure ssh keys on Linux

This is a discussion on Mini How to :: How to configure ssh keys on Linux within the Getting started tutorials forums, part of the Linux Getting Started category; This is my first document on this forum and it will help you in configuring ssh keys for autologin. Scope: ...


Go Back   nixCraft Linux Forum > Linux Getting Started > Getting started tutorials

Mini How to :: How to configure ssh keys on Linux Mini How to :: How to configure ssh keys on Linux

Register FAQ Members List Calendar Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 06-19-2006, 06:41 PM
Member
User
  
Join Date: Jan 2005
Location: Pune, India.
Posts: 47
Rep Power: 0
Ashish Pathak
Send a message via MSN to Ashish Pathak Send a message via Yahoo to Ashish Pathak
Default Mini How to :: How to configure ssh keys on Linux
This is my first document on this forum and it will help you in configuring ssh keys for autologin.

Scope:

This document will guide you in configuring ssh keys on Linux, normally you need such type of configuration when you connect to some Linux server using some scripts without giving username and password to do some sys admin activity.

Steps:

Make sure that ssh is installed on all the servers. Here is the output of rpm -qa from server1

Code:
[root@server1 ~]# rpm -qa |grep ssh
openssh-clients-3.9p1-8.RHEL4.9
openssh-askpass-3.9p1-8.RHEL4.9
openssh-3.9p1-8.RHEL4.9
openssh-server-3.9p1-8.RHEL4.9
openssh-askpass-gnome-3.9p1-8.RHEL4.9
[root@server1 ~]#[/i]
Here is the output of rpm -qa from server2

Code:
[root@server2 ~]# rpm -qa | grep ssh
openssh-clients-3.9p1-8.RHEL4.9
openssh-askpass-3.9p1-8.RHEL4.9
openssh-3.9p1-8.RHEL4.9
openssh-server-3.9p1-8.RHEL4.9
openssh-askpass-gnome-3.9p1-8.RHEL4.9
[root@server2 ~]#
Now generate a ssh key on server1 using following commands.

Code:
[root@server1 ~]# ssh-keygen -t dsa (Press Enter)
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): (Enter passphrase if you want, otherwise just Enter)
Enter same passphrase again: (Enter Again)
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
1e:56:19:54:86:03:38:61:d5:1e:2c:c7:c3:11:bf:50 root@server1
[root@server1 ~]#
Now you need to copy /root/.ssh/id_dsa.pub from server1 to server2 and need to rename it to authorized_keys, place this file in the same directory i.e. /root/.ssh on server2. If you don't find this directory then create it and chnage the permissions to 644 using chmod.

Code:
[root@server1 ~]# scp /root/.ssh/id_dsa.pub server2:/root/.ssh/authorized_keys
The authenticity of host 'server2 (10.216.152.221)' can't be established.
RSA key fingerprint is c1:14:0b:ef:0d:c7:48:94:2e:e3:fc:62:9a:2c:e6:2b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2' (RSA) to the list of known hosts.
root@server2's password:
id_dsa.pub                                                                                                               100%  602     0.6KB/s   00:00

Note: Here you need to give root password of server2 since you are scping the file with username root from server1. Once you have configured ssh keys it wont ask you about the password.

Now login to server2 and check for authorized_keys file in /root/.ssh directory.

Code:
[root@server2 .ssh]# pwd
/root/.ssh

[root@server2 .ssh]# ls -lrt
total 24
-rw-r--r--  1 root root 224 Jan 27 06:22 known_hosts
-rw-r--r--  1 root root 602 Jun 14 05:54 id_dsa.pub
-rw-r--r--  1 root root 602 Jun 14 07:28 authorized_keys
[root@server2 .ssh]#
Now login from server1 to server2 using ssh and it will not ask for any password.


Code:
[root@server1 ~]# ssh server2
Last login: Wed Jun 14 07:28:36 2006 from server2
[root@server2 ~]#
To achive the same from server2, follow the all steps mentioned above on server2.

Do let me know your comments on this document.
Thanks for your reading!
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 06-20-2006, 05:09 PM
monk's Avatar
Senior Member
User
  
Join Date: Jan 2005
Location: Tibet
My distro: Debian GNU/Linux
Posts: 482
Rep Power: 5
monk will become famous soon enough monk will become famous soon enough
Default
Good to see more and more people contributing back. Keep it up good work.
Reply With Quote
  #3 (permalink)  
Old 05-09-2008, 08:30 PM
Junior Member
User
  
Join Date: May 2008
My distro: fedora
Posts: 20
Rep Power: 0
permalac is on a distinguished road
Default
It's an old post but I have a doubt on it. (hope there is no problem)

Here it goes:


I've just done all this stuff but with one difference, I would like to log in server2 as a non privileged user.

I log in as root (without password) in server2, but there is no way to log in as normalUser without password.

I can log in as normalUser using password.

What can be wrong?

I've just copied /root/.ssh/* to /home/user/.ssh/ and still can't connect as user.
Guess is something on the config file but i don't know what.

Thanks for reading.

Quote:
$ ssh -v user@host
.
.
.
.
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
backupMan@lirondo.domain.org's password:
:/
Last edited by permalac; 05-09-2008 at 08:36 PM.
Reply With Quote
  #4 (permalink)  
Old 08-31-2008, 02:18 PM
Junior Member
User
  
Join Date: Aug 2008
My distro: RedHat
Posts: 1
Rep Power: 0
siva is on a distinguished road
Default auto-login for normal user
permalac,

you should make the keys for the normal user by using ssh-keygen. After that copy the public key as in his .ssh/authorized_keys.

Right now you are trying to use root's keys. it will not work. what are the steps you made for the root user to connect the second server, that you should perform for this normal user
Reply With Quote
Reply

Bookmarks

« What are the advantages of Linux? | Linux Command To Open RPM File »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads

Thread Thread Starter Forum Replies Last Post
Linux Configure Name Resolution raj Networking, Firewalls and Security 1 03-28-2008 09:19 AM
GPG Keys Error ramrishie Linux software 1 10-28-2007 07:58 PM
mini HOWTO - Linux Kernel Compilation B!n@ry Getting started tutorials 17 09-12-2007 12:27 PM
Smart mini HowTo B!n@ry Getting started tutorials 4 12-17-2006 03:23 AM
Linux how do I configure my modem? goku Linux software 1 07-17-2006 11:18 PM


All times are GMT +5.5. The time now is 10:58 AM.

Contact Us - Linux answers from nixCraft - Archive - Top

Powered by vBulletin® Version 3.7.3 - Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.2.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36