
SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora)


Before we go into the details of how to set up public key authentication, I would like to talk about the pros and cons of doing this, so you can make an educated decision.

First, the biggest benefit: once the keys are set up correctly, you will not need to enter a password to access the other server. For example, you can just type ssh example.com and you will be logged in. This is the method you must use if you want to set up scripts that run from crontab, such as an rsync script that backs up one server to another every night.

With every good thing comes a bad thing. Let us say “somebody” has access to server1 as root. This somebody could be a designated user, or it could be a hacker who has gained root access to server1. Since public key authentication over ssh is set up between server1 and server2, this “somebody” can now access server2 as well. As you can see, this can be problematic.

Now you know the number one pro and con of setting up public key authentication over ssh. Let us go through the process of setting up the keys.

On server1, you type: ssh-keygen -t rsa (just press enter to keep accepting defaults). You should see something like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a2:b2:aw:w2:63:25:2a:62:fs:d5:ff:fd:11:f1:aa:60 root@server1

The fingerprint for your server will be different. Now run cat /root/.ssh/id_rsa.pub and copy the contents it displays. You will need this for server2. Paste it into Notepad or any other text editor and make sure it pastes as one line. It is crucial that you check this.

Now log in to server2. Create a key pair by typing: ssh-keygen -t rsa (this is the same thing we did on server1). Once you are done, type vi /root/.ssh/authorized_keys2

Paste the content you copied earlier on server1. Make sure it is all on one line, then save and exit. At this point, we should change the permissions on the file to make sure sshd accepts it: chmod 600 /root/.ssh/authorized_keys2

Go back to server1 and type ssh server2. You should be logged in without having to enter a password. If you are still prompted for a password, check the /root/.ssh/authorized_keys2 file on server2 and make sure everything you pasted is on one line.
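When the login still prompts for a password, the usual causes are the ones named in this post and its comments: a key that wrapped onto a second line, or wrong permissions on the file or on .ssh. The script below is an added example, not part of the original post; it checks all three on server2. It assumes GNU stat (as on CentOS, Red Hat and Fedora), and the function names audit_ssh_dir and demo_audit are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an .ssh directory for
# the mistakes the post and its comments warn about.
# Assumes GNU stat (CentOS/RHEL/Fedora). Function names are hypothetical.
# Usage on server2: audit_ssh_dir /root/.ssh

# audit_ssh_dir DIR [KEYFILE] -> prints findings, returns 0 if clean, else 1
audit_ssh_dir() {
    dir=$1
    file=$dir/${2:-authorized_keys2}   # file name used in the post
    bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    mode=$(stat -c %a "$dir")
    if [ "$mode" != 700 ]; then echo "PERM $dir is $mode, want 700"; bad=1; fi
    mode=$(stat -c %a "$file")
    if [ "$mode" != 600 ]; then echo "PERM $file is $mode, want 600"; bad=1; fi

    # Each entry must be one line: [options] keytype base64 [comment].
    # A key that wrapped during paste leaves a line with no key type.
    re='(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]].*)?$'
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        if ! printf '%s\n' "$line" | grep -Eq "$re"; then
            echo "FORMAT $file line $n is not a complete key entry"; bad=1
        fi
    done < "$file"
    return "$bad"
}

# Constructed sample: a (fake) key pasted across two lines, loose permissions.
demo_audit() {
    d=$(mktemp -d)/.ssh
    mkdir -p "$d"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7\nexampleWRAPPEDpart root@server1\n' \
        > "$d/authorized_keys2"
    chmod 755 "$d"; chmod 644 "$d/authorized_keys2"
    audit_ssh_dir "$d"
}
```

A wrapped key is reported on its continuation line, because the first half still looks like a complete entry.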

That is all you have to do to set up public key authentication over ssh!

————————————-
DISCLAIMER: Please be smart and use code found on internet carefully. Make backups often. And yeah.. last but not least.. I am not responsible for any damage caused by this posting. Use at your own risk.


15 Responses to “ SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora) ”

  1. Gowrishankar
    May 7th, 2008 | 4:00 am

    Hi,

    Nice and useful….

    My suggestion is

    Instead of copying and pasting the content, we can copy the id_rsa.pub file to server2 and can mention the path in /etc/ssh/sshd_config under AuthorizedKeysFile .

  2. Josh Martin
    October 6th, 2008 | 11:05 am

    When configuring your authorized keys file, be sure to chmod 600 the file as sshd will not allow using the file with the wrong permissions.

  3. October 6th, 2008 | 11:13 am

    Thanks Josh, instructions are now updated.

  4. November 14th, 2008 | 2:41 pm

    Why do you need to generate the second keygen on server 2? Is this used for anything?

  5. November 16th, 2008 | 12:41 am

    It’s mainly there so people don’t have to create .ssh directory if it doesn’t exist and set the permissions correctly.

  6. November 19th, 2008 | 7:58 am

    [...] your password every time you do checkout, checkin, info, etc.  In linux world, it is very easy to setup keys to get around this.  Of course in the world of Windows it is not as easy.  Here are the steps [...]

  7. January 22nd, 2009 | 7:46 pm

    I still need more information by email. Thx a lot.

  8. January 22nd, 2009 | 7:48 pm

    Hi. Why is there a circle around the capital A? Does that mean something? I don’t know. Thx a lot.

  9. January 22nd, 2009 | 7:49 pm

    I am going to leave.

  10. January 22nd, 2009 | 7:50 pm

    By

  11. Andy Shellam
    September 8th, 2009 | 9:26 am

    Don’t forget to also “chmod 700 .ssh” – this has to be done on RHEL 5.4

  12. August 11th, 2010 | 12:33 pm

    [...] right place. There are some hints at the bottom of this page about where the cert files should go: http://crazytoon.com/2007/08/05/ssh-…-linux-fedora/ There are also some helpful links when you google "install ssh key on [...]

  13. chaitanya
    November 23rd, 2010 | 7:22 am

    I configured ssh on server1 (Linux CentOS) but I cannot configure SSH key generation on Windows.

  14. January 25th, 2011 | 7:16 am

    Thanks man!
    By the way… I did not run the “ssh-keygen -t rsa” command at server2, just created the folder “.ssh”

    Best!

  15. Austen
    October 2nd, 2012 | 3:25 pm

    Hey random internet stranger,

    Just wanted to let you know that authorized_keys2 is deprecated:

    http://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2

    Should use authorized_keys now. (Without the 2).

    Thanks!
