Jyoti Sensharma

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best-known application of SSH is remote login to computer systems by users. It is also used when running SCP to transfer files from one host to another over the network.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH.

In this article we are going to learn how to set up passwordless SSH from one Linux host to another. By default, when we SSH to a remote Linux host it asks for a password, but entering a password every time you SSH becomes time-consuming. Instead, we can generate an SSH key and configure the other Linux hosts to accept it.

Default ssh command to connect to a Linux host, and its output

[root@node1 ~]# ssh root@node2.example.com
The authenticity of host 'node2.example.com (192.xx.xx.102)' can't be established.
ECDSA key fingerprint is SHA256:PMG2xSYmdcdkzdgXV7Nw3Jtzd0NzbLmBmXlaQEzHEQ.
ECDSA key fingerprint is MD5:aa:d5:b9:33:7e:a6:32:as:xx:0c:20:1f:55:f3:00:1e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node3.example.com,192.xx.xx.102' (ECDSA) to the list of known hosts.
root@node2.example.com's password: 
Last login: Thu Jan  4 11:23:09 2018 from 192.xx.xx.102
[root@node2 ~]# 

Steps to configure passwordless SSH to a Linux host

Step1: Generate an SSH key on node1 using the “ssh-keygen” utility.

[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:eb691XAY0MVxsswolHv7xhGwbr2uX7e8vZ0uOwhisrwA root@node1.example.com
The key's randomart image is:
+---[RSA 2048]----+
|            oox++|
|             =.oo|
|            . + .|
|         .   . =x|
|   E    S . . @ o|
|    .    =   o +.|
|     .  . = o =.=|
|      .. . * +=O=|
|       .o.. +o*@X|

Step2: Copy the public SSH key of node1 to node2 using the “ssh-copy-id” utility.

[root@node1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node2.example.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2.example.com's password: 
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node2.example.com'"
and check to make sure that only the key(s) you wanted were added.

Step3: Verify the key entry on node2 in the file ~/.ssh/authorized_keys

[root@node2 ~]# less ~/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1c2EAAAADAQABAAABAQDUnkqPN1LVvyJkiIXnabmoN4hmL3WfuDcrWwURCqVAkwG0+00DEiiUXuwUL3gGDXaKpJxxJKsP1RthFtxw1Fl9OJ1QKB6m0S2CgyP5RkmFq2PwEUxyFvAXXOaHAfvISadv55mRP3iTGAUEfnQGz0wQXXLruBC4NbF27R8h1Wqx+AwS+X+qLXDjLjR3pRXQtaWDGYsLGCXN4zOovdaYN1SjqSkg23oxI/rQl9z/4nf8CZZyKM+9lYN+2wBe99PPjHf83ZVtPVfi+BN9VjUPOUm9tbUoS8RU+dEx5sEJbf1cqmZ61afaQSIs/+/m4lbX1/BvERF95vjrxOMf1 jyotisensharma@Jyotis-MBP

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoOXbrVXXWzdO0sjiDJYvPEPEAYJHS4eYS+iSTAagYlTwqXjuRYZ5PJn2LlJvGqkd+Sxbwn4GDbeGjMTzvOuTUYb7t795S0P2Y+pzKc9a03hGxC4tU8meGPLOWnJB55cMHREXT4t5qvnqCSoY0MAsY37sIRKCmK5WSXcecfRBkAalAr7LqjzlK/ujo+F09Cc+mB1VILyfszkJ2CHaf9Hznwg08MK/kZakXF3lXUC7LuVCauEnEemU6MXM5dsA25CavyM4qGYfH4d60GVlMwWWjDs4uylFLDvFxyMcfMQjaeJ+oc5GqxV2aPuDU17xrUpN6ldJXwCGKypeKGXZ root@node1.example.com
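
Step3 and the ssh-copy-id message both ask you to confirm that only the intended keys were added. The shell function below is an added example, not part of the original article: it compares every entry in an authorized_keys file with the public key files you meant to install, matching on the key data rather than on the free-text comment. The function names, file contents and key blobs are constructed placeholders, and it assumes no option string contains a bare key-type word.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_authorized_keys AUTHORIZED_KEYS PUBKEY_FILE...
# Prints one line per entry (OK, UNEXPECTED or MALFORMED) and returns 0
# only when every entry matches one of the supplied public key files.
audit_authorized_keys() {
    auth=$1; shift
    awk -v auth="$auth" '
        # Index of the key-type field; options such as from="..." may precede it.
        function keyfield(   i) {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/)
                    return i
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        { k = keyfield() }
        FILENAME != auth {                       # trusted .pub file: remember its blob
            if (k && k < NF) known[$(k + 1)] = 1
            next
        }
        !k || k == NF { printf "MALFORMED line=%d\n", FNR; bad = 1; next }
        {
            verdict = ($(k + 1) in known) ? "OK" : "UNEXPECTED"
            if (verdict != "OK") bad = 1
            comment = (k + 2 <= NF) ? $(k + 2) : "(none)"
            printf "%s line=%d type=%s comment=%s\n", verdict, FNR, $k, comment
        }
        END { exit bad + 0 }
    ' "$@" "$auth"
}

# Constructed sample data: the blobs are placeholders, not real keys.
demo_audit() {
    d=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDNODE1 root@node1.example.com' > "$d/id_rsa.pub"
    {
        echo '# constructed authorized_keys'
        echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDOTHER someone@laptop'
        echo 'from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDNODE1 root@node1.example.com'
    } > "$d/authorized_keys"
    rc=0
    audit_authorized_keys "$d/authorized_keys" "$d/id_rsa.pub" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_audit || echo "review the entries marked UNEXPECTED or MALFORMED"
```

On node2 the function would be called with ~/.ssh/authorized_keys as the first argument and a copy of node1's id_rsa.pub as the second.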

Now you can SSH from node1 to node2 without providing a password.

[root@node1 ~]# ssh root@node2.example.com
Last login: Thu Jan  4 11:12:06 2018 from 192.xx.xx.102

[root@node2 ~]#

