Tuesday, August 4, 2015

Script - ssh-keygen for autologin

ssh-keygen for autologin without password authentication
1.  Generate a key
$ ssh-keygen -t rsa

$ cd .ssh; cp id_rsa.pub authorized_keys
$ scp authorized_keys destination.server:/user/home/ur-logname/.ssh/

Now, you should be able to lgin without password.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Login to hostA with user1 and from hostA, login to hostB as user2 without supplying password.

1. Login to hostA as a user1 and generate a key
$ ssh-keygen -t rsa -N "" -b 2048
$ cd .ssh; ls

2. copy public to hostB
$ scp id_rsa.pub hostb:/tmp/id_rsa.pub

3. Now, login to hostB with user2 and check the existing authorized_keys file if exist. if not create
$ cd .ssh;  cat authorized_keys
if does not exist just copy over it.
$ touch authorized_keys

4. If file is there with some keys then append the new public key content
$ cat /tmp/id_rsa.pub >> authorized_keys

5. Now, go back to machine hostA with user1 and try to connect to hostB with user2.
$ ssh user2@hostB

should be able to login without any password prompt.

Note: Please check /etc/ssh/sshd_config file and verify where the key should be installed.
Check the file /etc/ssh/sshd_config and look  for AuthorizedKeysFile value. it can be like this,

AuthorizedKeysFile   /etc/ssh/Authorized_Keys/%u

in this case, you copy the public to /etc/ssh/Authorized_Keys/UR_LOGNAME

say you have a user sam, you will do like below,

$ cat authorized_keys >> /etc/ssh/Authorized_keys/sam

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

or

1. Generate a key
$ ssh-keygen -t rsa -N "" -b 2048

2. On your home dir create two directories
$ mkdir bin etc

3. On your etc directory, create a file with all host name, use ip rather than host if there is an issue with dns.
$ cat > hosts.withip
192.168.10.111      host1
192.168.10.112      host2
192.168.10.113      host3
#192.168.10.125      host25
.........................

4. Go to bin directory and create a file with following content
$ cat >copykey.sh
#!/bin/bash
# Date:
# Auther:
# This script copies user's authorized key
# Tested and works on Solaris 10
#
for i in `cat ../etc/hosts.withip | grep -v "#" | awk '{print $1}'`
do
    echo "Checking $i"
    ssh-keyscan $i  >>~/.ssh/known_hosts
    ssh -q $i mkdir .ssh
    scp -qp authorized_keys $i:/export/home/user/.ssh/
    # ssh -q $i /usr/local/bin/sudo /usr/sbin/usrdel -r <userid>
done
# EOF

Find what is missing and see if you can make it better.



No comments:

Post a Comment