In server administration, the ability to establish a Secure Shell (SSH) connection without the need for a password is a valuable skill. This tutorial will guide you through the process of setting up and configuring your Linux servers to allow password-less SSH connections. This setup can be particularly useful for automating tasks, such as copying data from one server to another. The steps outlined in this tutorial have been tested on CentOS 6.2, but they should also work on other CentOS versions and Red Hat Enterprise Linux versions.
Before we dive in, it’s important to understand the roles of the two servers involved in this process. The client server, referred to as server2, is where the SSH session is initiated via the SSH command. The main server, referred to as server1, is where the SSH session from server2 connects to. This tutorial assumes that you are using the root account on CentOS 6.2.
Step 1: Configure /etc/hosts for Both Servers
The first step is to add and configure the /etc/hosts file on both servers (the SSH client and the SSH server). You can do this by opening the file with a text editor, such as vi:
[root@server1 ~]# vi /etc/hosts
[root@server2 ~]# vi /etc/hosts
Add the following lines to the /etc/hosts file on both servers:
192.168.1.44 server1
192.168.1.48 server2
Step 2: Create a Hidden SSH Directory on Server2
Next, log in as root to server2 and create a hidden directory called .ssh under your account:
[root@server2 ~]# mkdir -p $HOME/.ssh
Set the permissions for this directory as follows:
[root@server2 ~]# chmod 0700 $HOME/.ssh
Step 3: Configure SSH Keys Authentication on Server2
Now, it’s time to configure SSH Keys Authentication. You can do this by typing the following command:
[root@server2 ~]# ssh-keygen
When prompted, press enter until the process ends. Also, press enter for the passphrase:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint and the key’s randomart image are then displayed, like this:
The key fingerprint is:
83:20:f0:1d:11:db:7e:e9:be:d6:ed:a2:e7:f1:ac:34 root@server2
The key's randomart image is:
+--[ RSA 2048]----+
|. +o |
| o . + |
| o + . |
| . o . . |
| o S |
| o . |
| ..E. |
| ...+=. |
| .+=o++ |
+-----------------+
Step 4: Verify the Files Generated by the ssh-keygen Command
After generating the SSH keys, you should verify the files that were produced by the ssh-keygen command. Normally, these files are automatically stored under $HOME/.ssh:
[root@server2 ~]# ls $HOME/.ssh
id_rsa id_rsa.pub
Step 5: Create a Hidden SSH Directory on Server1
Now, log in as root to server1 and create a hidden directory called .ssh under your account:
[root@server1 ~]# mkdir -p $HOME/.ssh
Set the permissions for this directory as follows:
[root@server1 ~]# chmod 0700 $HOME/.ssh
Step 6: Copy the Public Key to Server1
From server2, copy over the id_rsa.pub (public key) to server1:
[root@server2 ~]# scp $HOME/.ssh/id_rsa.pub root@server1:$HOME/.ssh
You will be prompted about the authenticity of host ‘server1’. Type ‘yes’ to continue connecting. You will then be asked for the root password for server1.
Step 7: Export the Public Key to authorized_keys on Server1
On server1, navigate to the .ssh directory and execute these commands:
[root@server1 ~]# cd $HOME/.ssh
Export the id_rsa.pub key to authorized_keys:
[root@server1 .ssh]# cat id_rsa.pub >> $HOME/.ssh/authorized_keys
Set the permissions for the authorized_keys file as follows:
[root@server1 .ssh]# chmod 0600 $HOME/.ssh/authorized_keys
Step 8: Test the SSH Connection
You have now successfully configured SSH without a password. From now on, you can log into server1 as root from server2 without needing a password:
[root@server2 ~]# ssh root@server1
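A repeatable, more restrictive version of Steps 5 to 7, as an added example that is not part of the original tutorial: `install_key` and `audit_ssh_dir` are hypothetical helper names, and `stat -c` assumes GNU coreutils as found on CentOS. Because the tutorial's key has no passphrase, the entry is pinned to server2's address with the standard authorized_keys options `from=`, `no-agent-forwarding`, `no-port-forwarding` and `no-X11-forwarding`, and the key is appended only once.

```shell
#!/bin/sh
# Added example (not from the tutorial). Helper names are hypothetical.

# install_key PUBKEY_FILE SSH_DIR [FROM_PATTERN]
# Appends the key once, optionally pinned to a source address, and sets modes.
install_key() {
    pub=$1; dir=$2; from=${3:-}
    auth="$dir/authorized_keys"
    # Accept exactly one line that looks like an OpenSSH public key.
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "expected a single key in $pub" >&2; return 2; }
    line=$(head -n 1 "$pub")
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 2 ;;
    esac
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    mkdir -p "$dir" && chmod 0700 "$dir"
    touch "$auth" && chmod 0600 "$auth"
    # Unlike a bare 'cat >>', skip the append if the key is already authorized.
    if grep -qF -- "$blob" "$auth"; then return 0; fi
    opts="no-agent-forwarding,no-port-forwarding,no-X11-forwarding"
    if [ -n "$from" ]; then opts="from=\"$from\",$opts"; fi
    printf '%s %s\n' "$opts" "$line" >> "$auth"
}

# audit_ssh_dir SSH_DIR
# Reports paths whose mode differs from the values the tutorial sets
# (0700 for the directory, 0600 for authorized_keys) and from 0600 for a
# private key; returns the number of findings.
audit_ssh_dir() {
    dir=$1; bad=0
    for spec in "$dir:700" "$dir/authorized_keys:600" "$dir/id_rsa:600"; do
        path=${spec%:*}; want=${spec##*:}
        [ -e "$path" ] || continue
        mode=$(stat -c %a "$path")
        if [ "$mode" != "$want" ]; then
            echo "$path is $mode, expected $want"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# On server1, after Step 6:
#   install_key /root/.ssh/id_rsa.pub /root/.ssh 192.168.1.48
#   audit_ssh_dir /root/.ssh
```

The same `audit_ssh_dir` call can be run on server2, where it also checks the mode of the private key `id_rsa`.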
Commands Mentioned
- vi /etc/hosts – Opens the /etc/hosts file in the vi text editor.
- mkdir -p $HOME/.ssh – Creates a hidden directory called .ssh under your account.
- chmod 0700 $HOME/.ssh – Sets the permissions for the .ssh directory.
- ssh-keygen – Generates SSH keys.
- ls $HOME/.ssh – Lists the files in the .ssh directory.
- scp $HOME/.ssh/id_rsa.pub root@server1:$HOME/.ssh – Copies the public key to server1.
- cat id_rsa.pub >> $HOME/.ssh/authorized_keys – Exports the public key to authorized_keys.
- chmod 0600 $HOME/.ssh/authorized_keys – Sets the permissions for the authorized_keys file.
- ssh root@server1 – Logs into server1 as root from server2.
Conclusion
By following the steps outlined in this tutorial, you have successfully configured your Linux servers to allow SSH connections without the need for a password. This setup is particularly useful for automating tasks and streamlining your server administration workflow.
Remember, the steps provided in this tutorial have been tested on CentOS 6.2, but they should also work on other CentOS versions and Red Hat Enterprise Linux versions. Always ensure that you are logged in as root when performing these steps for the best results.
Frequently Asked Questions
- What is the purpose of SSH keys?
SSH keys serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. This is a more secure and convenient method than the traditional password authentication.
- Why would I want to set up SSH without a password?
Setting up SSH without a password can streamline your workflow by eliminating the need to manually enter a password each time you connect to the server. It also enables you to automate tasks that involve connecting to the server, such as data transfers or running scripts.
- Is it safe to use SSH without a password?
Yes, using SSH without a password is safe as long as you keep your private key secure. The private key is used to authenticate your connection, and if it falls into the wrong hands, it could be used to access your server. The key generated in this tutorial has an empty passphrase, so anyone who can read /root/.ssh/id_rsa on server2 can log in to server1 as root. Therefore, it’s crucial to protect your private key and ensure it’s stored in a secure location.
- What is the role of the authorized_keys file in SSH authentication?
The authorized_keys file contains the public keys of all users allowed to authenticate to the system. When a user tries to connect, the server checks the authorized_keys file for the user’s public key. If a match is found, the server uses it to verify the user’s identity.
- What is the difference between the id_rsa and id_rsa.pub files?
The id_rsa file is your private key, while the id_rsa.pub file is your public key. The private key should be kept secret and secure, as it can be used to access systems that recognize your public key. The public key, on the other hand, can be shared freely and is used by servers to verify your identity.