SSH public-key authentication



Overview

We can use SSH public-key authentication between hosts to enable all sorts of useful functionality, including...

See also: Ansible : Private/Public Keys and SSH Agent setup


Setup

  1. Log in to HostA as user foo

  2. Copy contents of...

    $HOME/.ssh/id_rsa.pub

    If .ssh/id_rsa.pub does not exist, run:

    $ ssh-keygen -t rsa 
    Generating public/private rsa key pair. 
    Enter file in which to save the key (/usr/local/wasuser/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /usr/local/wasuser/.ssh/id_rsa 
    Your public key has been saved in /usr/local/wasuser/.ssh/id_rsa.pub 
    The key fingerprint is: 
    05:db:12:51:9f:48:dc:43:cd:8f:22:b0:a7:47:2d:17 wasuser@hostname 
    

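    Leave the passphrase blank. The private key is then stored unencrypted on disk, so anyone who can read $HOME/.ssh/id_rsa can use it; see "To set a passphrase" below.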

  3. Paste the public key to the remote host (HostB):

    $HOME/.ssh/authorized_keys

    If the directory and/or file do not exist, create them.

  4. Set file system permissions...

    chmod go-w $HOME $HOME/.ssh
    chmod 600 $HOME/.ssh/authorized_keys
    chown `whoami` $HOME/.ssh/authorized_keys

  5. You can now run commands on the remote host (HostB) from the local host (HostA) without being prompted for a password. For example:

    ssh -f HostB mkdir /tmp/MyDir
    scp filename HostB:/tmp/MyDir
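
Added example (not part of the original page): a shell function that audits the step 4 permissions on HostB. With StrictModes enabled (the default), sshd ignores authorized_keys when the home directory, .ssh or the key file is writable by group or others, and the login falls back to a password prompt. The function names mode_of and check_ssh_perms are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Audit the files from step 4 under the home directory given as $1.
# Prints one line per problem; returns 0 when everything matches, 1 otherwise.
check_ssh_perms() {
    home=$1
    rc=0
    # $HOME and $HOME/.ssh must not be writable by group or others (chmod go-w).
    for d in "$home" "$home/.ssh"; do
        if [ ! -d "$d" ]; then
            echo "MISSING $d"; rc=1
            continue
        fi
        m=$(mode_of "$d")
        # Leading 0 makes the shell read the mode as octal; 022 = group+other write.
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "LOOSE   $d mode $m (fix: chmod go-w)"; rc=1
        fi
    done
    ak=$home/.ssh/authorized_keys
    if [ ! -f "$ak" ]; then
        echo "MISSING $ak"
        return 1
    fi
    m=$(mode_of "$ak")
    if [ "$m" != 600 ]; then
        echo "LOOSE   $ak mode $m (fix: chmod 600)"; rc=1
    fi
    # Compare the numeric owner (ls -n) with our uid; mirrors chown `whoami`.
    owner=$(ls -ldn "$ak" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "OWNER   $ak owned by uid $owner, expected $(id -u)"; rc=1
    fi
    return $rc
}

# Run against a home directory when one is given, e.g.: sh check.sh "$HOME"
if [ -n "${1:-}" ]; then
    check_ssh_perms "$1"
fi
```

Run it as the account that owns the keys on HostB; an empty result with exit status 0 means the permissions match step 4.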


To set a passphrase

ssh-keygen -p


Multiple hops

To chain multiple SSH hops, for example to execute commands through a jump box:

ssh user@bastionhost "ssh user@themachine.I.need"


rsync example

$ rsync -vprte ssh testfile.txt ihsadm@foo5dc4vl66:/data01/home/ihsadm
building file list ... done
test
sent 75 bytes  received 40 bytes  230.00 bytes/sec
total size is 0  speedup is 0.00

$ rsync -vprte ssh testfile.txt 10.1.84.139:/data01/home/wasuser
building file list ... done
test
sent 75 bytes  received 40 bytes  230.00 bytes/sec
total size is 0  speedup is 0.00

