Jacked this from: http://www.firedaemon.com/blog/passwordless-root-ssh-public-key-authentication-on-centos-6
I am using Centos 6.6 as my client and Centos 7 as the server i am ssh'ing to. I did not have the selinux problem as mentioned at the end of this wiki
Passwordless root SSH Public Key Authentication on CentOS 6
It's often useful to be able to SSH to other machines without being prompted for a password. Additionally, if you using tools such as Parallel SSH you will need to setup Public Key SSH Authentication. To set it up is relatively straight forward:
On the client machine (ie. the one you are SSH'ing from) you will need to create an SSH RSA key. So run the following command - ensure you don't supply a password:
[root@node01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c6:66:93:16:73:0b:bf:46:46:28:7d:a5:38:a3:4d:6d root@node01
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| . + o |
| . @ E |
| * & . |
| . S = |
| = + . |
| o |
| . |
| |
+-----------------+
This will generate the following files:
[root@node01 ~]# cd ~/.ssh
[root@node02 .ssh]# ls -l
total 8
-rw-------. 1 root root 1675 Jul 27 15:01 id_rsa
-rw-r--r--. 1 root root 406 Jul 27 15:01 id_rsa.pub
On the client machine tighten up file system permissions thus:
[root@node01 ~]# chmod 700 ~/.ssh
[root@node01 ~]# chmod 600 ~/.ssh/*
[root@node01 ~]# ls -ld ~/.ssh & ls -l ~/.ssh
drwx------. 2 root root 4096 Jul 27 15:01 /root/.ssh
-rw-------. 1 root root 1675 Jul 27 15:01 id_rsa
-rw-------. 1 root root 406 Jul 27 15:01 id_rsa.pub
Now copy the public key to the machine you want to SSH and fix permissions (you will be prompted for the root password):
[root@node01 ~]# ssh root@node02 'mkdir -p /root/.ssh'
[root@node01 ~]# scp /root/.ssh/id_rsa.pub root@node02:/root/.ssh/authorized_keys
[root@node01 ~]# ssh root@node02 'chmod 700 /root/.ssh'
[root@node01 ~]# ssh root@node02 'chmod 600 /root/.ssh/*'
You can also use the utility ssh-copy-id to do the above steps. If you don't have scp on the remote machine you will need to install it:
[root@node01 ~]# ssh root@node02 'yum install openssh-clients'
You should now be able to ssh directory from node01 to node02 without providing a password:
[root@node01 ~]# ssh node02
Last login: Wed Jul 27 15:41:56 2011 from 10.255.5.57
[root@node ~]#
IMPORTANT There is a bug in CentOS 6 / SELinux that results in all client presented certificates to be ignored when SELinux is set to Enforcing. To fix this simply:
[root@node01 ~]# ssh root@node02 'restorecon -R -v /root/.ssh'
restorecon reset /root/.ssh context system_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0
restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0
C
No comments:
Post a Comment