ssh-keygen for autologin without password authentication
1. Generate a key
$ ssh-keygen -t rsa
$ cd .ssh; cp id_rsa.pub authorized_keys
$ scp authorized_keys destination.server:/user/home/ur-logname/.ssh/
Now, you should be able to lgin without password.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Login to hostA with user1 and from hostA, login to hostB as user2 without supplying password.
1. Login to hostA as a user1 and generate a key
$ ssh-keygen -t rsa -N "" -b 2048
$ cd .ssh; ls
2. copy public to hostB
$ scp id_rsa.pub hostb:/tmp/id_rsa.pub
3. Now, login to hostB with user2 and check the existing authorized_keys file if exist. if not create
$ cd .ssh; cat authorized_keys
if does not exist just copy over it.
$ touch authorized_keys
4. If file is there with some keys then append the new public key content
$ cat /tmp/id_rsa.pub >> authorized_keys
5. Now, go back to machine hostA with user1 and try to connect to hostB with user2.
$ ssh user2@hostB
should be able to login without any password prompt.
Note: Please check /etc/ssh/sshd_config file and verify where the key should be installed.
Check the file /etc/ssh/sshd_config and look for AuthorizedKeysFile value. it can be like this,
AuthorizedKeysFile /etc/ssh/Authorized_Keys/%u
in this case, you copy the public to /etc/ssh/Authorized_Keys/UR_LOGNAME
say you have a user sam, you will do like below,
$ cat authorized_keys >> /etc/ssh/Authorized_keys/sam
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
or
1. Generate a key
$ ssh-keygen -t rsa -N "" -b 2048
2. On your home dir create two directories
$ mkdir bin etc
3. On your etc directory, create a file with all host name, use ip rather than host if there is an issue with dns.
$ cat > hosts.withip
192.168.10.111 host1
192.168.10.112 host2
192.168.10.113 host3
#192.168.10.125 host25
.........................
4. Go to bin directory and create a file with following content
$ cat >copykey.sh
#!/bin/bash
# Date:
# Auther:
# This script copies user's authorized key
# Tested and works on Solaris 10
#
for i in `cat ../etc/hosts.withip | grep -v "#" | awk '{print $1}'`
do
echo "Checking $i"
ssh-keyscan $i >>~/.ssh/known_hosts
ssh -q $i mkdir .ssh
scp -qp authorized_keys $i:/export/home/user/.ssh/
# ssh -q $i /usr/local/bin/sudo /usr/sbin/usrdel -r <userid>
done
# EOF
Find what is missing and see if you can make it better.
1. Generate a key
$ ssh-keygen -t rsa
$ cd .ssh; cp id_rsa.pub authorized_keys
$ scp authorized_keys destination.server:/user/home/ur-logname/.ssh/
Now, you should be able to lgin without password.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Login to hostA with user1 and from hostA, login to hostB as user2 without supplying password.
1. Login to hostA as a user1 and generate a key
$ ssh-keygen -t rsa -N "" -b 2048
$ cd .ssh; ls
2. copy public to hostB
$ scp id_rsa.pub hostb:/tmp/id_rsa.pub
3. Now, login to hostB with user2 and check the existing authorized_keys file if exist. if not create
$ cd .ssh; cat authorized_keys
if does not exist just copy over it.
$ touch authorized_keys
4. If file is there with some keys then append the new public key content
$ cat /tmp/id_rsa.pub >> authorized_keys
5. Now, go back to machine hostA with user1 and try to connect to hostB with user2.
$ ssh user2@hostB
should be able to login without any password prompt.
Note: Please check /etc/ssh/sshd_config file and verify where the key should be installed.
Check the file /etc/ssh/sshd_config and look for AuthorizedKeysFile value. it can be like this,
AuthorizedKeysFile /etc/ssh/Authorized_Keys/%u
in this case, you copy the public to /etc/ssh/Authorized_Keys/UR_LOGNAME
say you have a user sam, you will do like below,
$ cat authorized_keys >> /etc/ssh/Authorized_keys/sam
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
or
1. Generate a key
$ ssh-keygen -t rsa -N "" -b 2048
2. On your home dir create two directories
$ mkdir bin etc
3. On your etc directory, create a file with all host name, use ip rather than host if there is an issue with dns.
$ cat > hosts.withip
192.168.10.111 host1
192.168.10.112 host2
192.168.10.113 host3
#192.168.10.125 host25
.........................
4. Go to bin directory and create a file with following content
$ cat >copykey.sh
#!/bin/bash
# Date:
# Auther:
# This script copies user's authorized key
# Tested and works on Solaris 10
#
for i in `cat ../etc/hosts.withip | grep -v "#" | awk '{print $1}'`
do
echo "Checking $i"
ssh-keyscan $i >>~/.ssh/known_hosts
ssh -q $i mkdir .ssh
scp -qp authorized_keys $i:/export/home/user/.ssh/
# ssh -q $i /usr/local/bin/sudo /usr/sbin/usrdel -r <userid>
done
# EOF
Find what is missing and see if you can make it better.
No comments:
Post a Comment