SSH and Passwordless Login with an SSH Key

 

Even if your initial OS installation did not include SSH, you can easily install and configure it manually. The following setup was performed on the Debian-based Linux Lite operating system.

 
Install SSH Server
 
kiran@deegelinuxlite:~$ sudo apt-get install ssh
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
 ssh
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 1,278 B of archives.
After this operation, 29.7 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main ssh all 1:5.9p1-5ubuntu1.1 [1,278 B]
Fetched 1,278 B in 0s (6,868 B/s)
Selecting previously unselected package ssh.
(Reading database ... 227863 files and directories currently installed.)
Unpacking ssh (from .../ssh_1%3a5.9p1-5ubuntu1.1_all.deb) ...
Setting up ssh (1:5.9p1-5ubuntu1.1) ...

Restart the SSH server if needed and check the status

 
kiran@deegelinuxlite:~$ sudo service ssh restart
ssh stop/waiting
ssh start/running, process 14427
kiran@deegelinuxlite:~$ sudo service ssh status
ssh start/running, process 14427
kiran@deegelinuxlite:~$ 
 
 

Generate the SSH key pair with an empty passphrase

kiran@deegelinuxlite:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kiran/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/kiran/.ssh/id_rsa.
Your public key has been saved in /home/kiran/.ssh/id_rsa.pub.
The key fingerprint is:
b7:d1:b8:5d:c3:ff:6a:3f:e1:2d:a6:45:1f:74:35:e1 kiran@deegelinuxlite
The key's randomart image is:
+--[ RSA 2048]----+
|               oo|
|              . o|
|               E.|
|           o .. .|
|        S + . =. |
|         . = o =.|
|          o . o =|
|             .+oo|
|            .+.++|
+-----------------+
kiran@deegelinuxlite:~$ 

 

Copy the Public / Private Keys

 
=> To enable SSH login without a password prompt, add the public key to the authorized_keys file and restrict that file's permissions so that only its owner can read and write it (chmod 600).
 
kiran@deegelinuxlite:~$ cp -p  /home/kiran/.ssh/id_rsa.pub /home/kiran/.ssh/authorized_keys
kiran@deegelinuxlite:~$ ls -alrt  /home/kiran/.ssh/authorized_keys
-rw-r--r-- 1 kiran kiran 402 Mar  2 18:30 /home/kiran/.ssh/authorized_keys
kiran@deegelinuxlite:~$ chmod 600 /home/kiran/.ssh/authorized_keys
 
 
kiran@deegelinuxlite:~$ ssh localhost
Welcome to Linux Lite 1.0.8 (GNU/Linux 3.8.0-34-generic i686)
 
 * Documentation:  https://help.ubuntu.com/
 
5 packages can be updated.
5 updates are security updates.
 
Last login: Mon Mar  3 13:41:35 2014 from localhost
 
 
 
=> To log on to other servers in the network with the same key, use the ssh-copy-id command to copy the public key to the authorized_keys file on the destination server.
 
kiran@deegelinuxlite:~$ ssh-copy-id kiran@kirlina
kiran@kirlina's password: 
Now try logging into the machine, with "ssh 'kiran@kirlina'", and check in:
 ~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
 
kiran@deegelinuxlite:~$ ssh-copy-id kiran@kirlinb
The authenticity of host 'kirlinb (192.168.1.52)' can't be established.
ECDSA key fingerprint is 37:a1:66:c6:f3:89:91:60:25:75:b4:c9:b3:79:cb:9d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'kirlinb,192.168.1.52' (ECDSA) to the list of known hosts.
kiran@kirlinb's password: 
Now try logging into the machine, with "ssh 'kiran@kirlinb'", and check in:
 ~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
 
Check to make sure the SSH login works without specifying any password as shown in the screenshot. Here it shows that I can log in to all my other servers by just specifying “ssh <hostname>” without entering any password.
 
 
=> Since this is a development environment, I wanted my login to be less restrictive, so that I can log on to any server from anywhere without specifying a password. To do this, we need to copy the private key as well to the .ssh folder on all the servers.
 
 
kiran@deegelinuxlite:~/.ssh$ ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts
kiran@deegelinuxlite:~/.ssh$ scp -p id_rsa kirlina:/home/kiran/.ssh/.
id_rsa                                        100% 1679     1.6KB/s   00:00    
kiran@deegelinuxlite:~/.ssh$ scp -p id_rsa kirlinb:/home/kiran/.ssh/.
id_rsa                                        100% 1679     1.6KB/s   00:00    
kiran@deegelinuxlite:~/.ssh$ scp -p id_rsa kirlinc:/home/kiran/.ssh/.
id_rsa                                        100% 1679     1.6KB/s   00:00    
kiran@deegelinuxlite:~/.ssh$ scp -p id_rsa kirline:/home/kiran/.ssh/.
id_rsa                                        100% 1679     1.6KB/s   00:00    
kiran@deegelinuxlite:~/.ssh$ scp -p id_rsa inspirlinux:/home/kiran/.ssh/.
id_rsa                                        100% 1679     1.6KB/s   00:00    
kiran@deegelinuxlite:~/.ssh$ 
 
As seen in the screenshot, I was able to hop on from one server to another without any password.
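
The steps above leave a private key with no passphrase in ~/.ssh on every server, next to an authorized_keys file that ssh-copy-id asks you to review. The following POSIX shell functions are an added example, not part of the original post: they report group- or world-writable authorized_keys files, private keys readable by others, and private keys stored without a passphrase. The function names and finding labels (WRITABLE_BY_OTHERS, KEY_MODE_TOO_OPEN, NO_PASSPHRASE) are illustrative.

```shell
#!/bin/sh
# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Print "encrypted", "unencrypted" or "not-a-key" for a file, judged from
# its first two lines only; no passphrase is ever tried.
key_protection() {
    first=''; second=''
    { read -r first || true; read -r second || true; } < "$1"
    case $first in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            # base64 of "openssh-key-v1\0" + cipher name "none": no passphrase
            case $second in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo unencrypted ;;
                *) echo encrypted ;;
            esac ;;
        '-----BEGIN '*'PRIVATE KEY-----')
            # Legacy PEM (the format in the post): encrypted keys carry Proc-Type
            case $second in
                'Proc-Type: 4,ENCRYPTED'*) echo encrypted ;;
                *) echo unencrypted ;;
            esac ;;
        *) echo not-a-key ;;
    esac
}

# Record one finding: print "<CODE> <path>" and bump the counter.
flag() { echo "$1 $2"; findings=$((findings + 1)); }

# Print findings for the .ssh directory $1; return 1 if anything was flagged.
audit_ssh_dir() {
    findings=0; ak="$1/authorized_keys"
    if [ -f "$ak" ]; then
        # sshd's StrictModes refuses a group- or world-writable authorized_keys
        [ $(( 0$(file_mode "$ak") & 022 )) -eq 0 ] || flag WRITABLE_BY_OTHERS "$ak"
        echo "INFO $(grep -cvE '^[[:space:]]*(#|$)' "$ak") key(s) authorized in $ak"
    fi
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        kind=$(key_protection "$f")
        # the ssh client ignores a private key that group or others can access
        case $kind in not-a-key) continue ;; esac
        [ $(( 0$(file_mode "$f") & 077 )) -eq 0 ] || flag KEY_MODE_TOO_OPEN "$f"
        [ "$kind" != unencrypted ] || flag NO_PASSPHRASE "$f"
    done
    [ "$findings" -eq 0 ]
}
if [ -n "${1:-}" ]; then audit_ssh_dir "$1"; fi
```

Save it as a script and pass the directory to check, for example /home/kiran/.ssh on each server; the exit status is non-zero when anything is flagged.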
 
 
 

 

Cheers!

rajkiran

Copyright ©2018 Rajkiran Ghanta (deegeplanet.com)