SSH public-key authentication
Overview
We can use SSH public-key authentication between hosts to enable all sorts of useful functionality, including...
- Password-less login from HostA to HostB
- Ability to execute remote commands from HostA on HostB
- We can automatically administer an entire network of servers from a central server.
See also: Ansible : Private/Public Keys and SSH Agent setup
Setup
- Login to HostA as user foo
- Copy contents of...
$HOME/.ssh/id_rsa.pub
If .ssh/id_rsa.pub does not exist, run..
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/local/wasuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/local/wasuser/.ssh/id_rsa
Your public key has been saved in /usr/local/wasuser/.ssh/id_rsa.pub
The key fingerprint is:
05:db:12:51:9f:48:dc:43:cd:8f:22:b0:a7:47:2d:17 wasuser@hostname
Leave passphrase blank.
- Paste the public key to the remote host (HostB):
$HOME/.ssh/authorized_keys
If the directory and/or file do not exist, create them.
- Set file system permissions...
chmod go-w $HOME $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys
chown `whoami` $HOME/.ssh/authorized_keys
- You can now run commands such as the following on the remote host (HostB) from the local host (HostA) without being challenged. For example...
ssh -f HostB mkdir /tmp/MyDir
scp filename HostB:/tmp/MyDir
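The HostB side of the setup steps above as a script (an added example, not part of the original page): it appends a public key to authorized_keys only if that line is not already there, rejects input that is not a public-key line (for example a private key file passed by mistake), and applies and verifies the chmod steps. The function names and the key line in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the page.

# True only if group and others lack the write bit on PATH
# (characters 6 and 9 of the `ls -ld` mode string, e.g. drwxr-xr-x).
no_go_write() {
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$(printf '%s' "$mode" | cut -c6)" != "w" ] &&
    [ "$(printf '%s' "$mode" | cut -c9)" != "w" ]
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Appends the key to HOME_DIR/.ssh/authorized_keys unless that exact line
# is already present, then applies the chmod steps from the page.
install_pubkey() {
    home=$1; pub=$2
    key=$(head -n 1 "$pub") || return 1
    # Accept only a "type base64 [comment]" line, so a private key file
    # handed over by mistake is rejected instead of being published.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line: $pub" >&2; return 1 ;;
    esac
    auth=$home/.ssh/authorized_keys
    mkdir -p "$home/.ssh" && touch "$auth" || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod go-w "$home" "$home/.ssh" && chmod 600 "$auth"
}

# check_perms HOME_DIR: verifies the state the chmod steps should leave.
check_perms() {
    no_go_write "$1" && no_go_write "$1/.ssh" &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo() {
    d=$(mktemp -d) && mkdir "$d/home" &&
    echo 'ssh-rsa AAAAconstructedPLACEHOLDERkey foo@HostA' > "$d/foo.pub" &&
    install_pubkey "$d/home" "$d/foo.pub" && check_perms "$d/home" &&
    echo "key installed, permissions OK"
    rm -rf "$d"
}
demo
```

Running install_pubkey twice with the same key leaves a single line in authorized_keys, so the script is safe to re-run from a central server.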
To set a passphrase
ssh-keygen -p
Multiple hops
To embed multiple hops of ssh, for example, to execute commands through a Jumpbox:
ssh user@bastionhost "ssh user@themachine.I.need"
rsync example
$ rsync -vprte ssh testfile.txt ihsadm@foo5dc4vl66:/data01/home/ihsadm
building file list ... done
test
sent 75 bytes received 40 bytes 230.00 bytes/sec
total size is 0 speedup is 0.00
$ rsync -vprte ssh testfile.txt 10.1.84.139:/data01/home/wasuser
building file list ... done
test
sent 75 bytes received 40 bytes 230.00 bytes/sec
total size is 0 speedup is 0.00