SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora)

Before we go into the details of setting up public key authentication, I would like to talk about the pros and cons of doing so, so that you can make an educated decision.

First, the biggest benefit of setting up public key authentication over SSH: once you set up the keys correctly, you will not need to enter a password to access the other server. For example, you can just type ssh example.com and you will be logged in. This is the method you must use if you want to set up scripts that are run from crontab. For example, you may have an rsync script that backs up one server to another every night.

With every good thing comes a bad thing. Let us say “somebody” has access to server1 as root. This somebody could be a designated user, or it could be a hacker who has gained root access to server1. Since we have public key authentication over SSH set up between server1 and server2, this “somebody” can now access server2. As you can see, this can be problematic.

Now you know the number one pro and con of setting up public key authentication over SSH. Let us go through the process of setting up the keys.

On server1, type: ssh-keygen -t rsa (just press Enter to accept the defaults). You should see something like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a2:b2:aw:w2:63:25:2a:62:fs:d5:ff:fd:11:f1:aa:60 root@server1

The fingerprint for your server will be different. Now run cat /root/.ssh/id_rsa.pub and copy the contents it displays. You will need this for server2. Paste it into Notepad or any other text editor and make sure it pastes as one line. It is crucial that you check this.

Now log in to server2. Create the public key by typing: ssh-keygen -t rsa (this is the same thing we did on server1). Once you are done, type vi /root/.ssh/authorized_keys2

Paste the content you copied earlier on server1. Make sure it is all on one line. Save and exit. At this point, we should change the permissions on the file to make sure sshd likes it: chmod 600 /root/.ssh/authorized_keys2

Go back to server1 and type ssh server2. You should be logged in without having to enter a password. If you are still prompted for a password, check the /root/.ssh/authorized_keys2 file on server2 and make sure everything you pasted is on one line.
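The server2 steps above as one re-runnable shell function. This is an added example, not code from the original post: it rejects a key that did not paste as one line, sets the permissions sshd expects, and, going a little beyond the post, can prefix authorized_keys options that limit where the key is accepted from and what the session may do. The function names, the address 192.0.2.10 and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE [OPTIONS]
# OPTIONS: optional authorized_keys option list written before the key,
# e.g. from="192.0.2.10",no-pty (see sshd(8), AUTHORIZED_KEYS FILE FORMAT).
install_pubkey() {
    pub=$1; auth=$2; opts=${3:-}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Drop carriage returns left by Windows editors and collapse whitespace,
    # then insist on ONE line: a wrapped paste is the failure the post warns
    # about, and a private key file (many lines) fails the same test.
    key=$(tr -d '\r' < "$pub" | awk '{ $1 = $1; print }')
    n=$(printf '%s\n' "$key" | grep -c '')
    [ "$n" -eq 1 ] || { echo "refusing: $n lines, expected 1" >&2; return 1; }

    # A public key line is "<type> <base64 blob> [comment]".
    type=$(printf '%s\n' "$key" | awk '{ print $1 }')
    blob=$(printf '%s\n' "$key" | awk '{ print $2 }')
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "refusing: unknown key type '$type'" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing: bad key blob" >&2; return 1 ;;
    esac

    # With StrictModes, sshd ignores a key file that others can write to.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1

    # Append only if this key is not already listed (safe to re-run).
    if ! grep -qF -- "$type $blob" "$auth"; then
        printf '%s\n' "${opts:+$opts }$key" >> "$auth"
    fi
}

# Mode string of a path, e.g. "-rw-------", for checking the result.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo with a CONSTRUCTED key (not a real one) in a scratch directory.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructed root@server1\r\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh/authorized_keys2" \
    'from="192.0.2.10",no-pty,no-port-forwarding'
cat "$demo/.ssh/authorized_keys2"; mode_of "$demo/.ssh/authorized_keys2"
rm -rf "$demo"
```

The demo writes to authorized_keys2 because that is the file name the post uses. If AuthorizedKeysFile in /etc/ssh/sshd_config on server2 lists only .ssh/authorized_keys, pass that path instead.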

That is all you have to do to set up public key authentication over SSH!


25 thoughts on “SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora)”

  1. Gowrishankar

    Hi,

    Nice and useful….

    My suggestion is

    Instead of copying and pasting the content, we can copy the id_rsa.pub file to server2 and can mention the path in /etc/ssh/sshd_config under AuthorizedKeysFile.

  2. Josh Martin

    When configuring your authorized keys file, be sure to chmod 600 the file as sshd will not allow using the file with the wrong permissions.
