Why?


Tuesday, October 25, 2016

CentOS 7 sshd server to server with no password using trusted keys

I have two servers, 192.168.10.28 and 192.168.10.100. On 192.168.10.28, as root:

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a3:ba:98:53:bc:8c:c9:b3:d8:3f:73:e2:61:a6:41:f7 root@rhtest.whittenberg.local
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|  ...   S        |
| . .o. . .       |
| ..=+.E          |
| o*B*o.          |
|. **=*           |
+-----------------+

# ssh-copy-id root@192.168.10.100
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.100's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.10.100'"
and check to make sure that only the key(s) you wanted were added.

# ssh root@192.168.10.100
Last login: Tue Oct 25 20:09:25 2016 from 192.168.10.28


Now do the same on 192.168.10.100, this time pointing the ssh-copy-id command at host 192.168.10.28, like the following:

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a3:ba:98:53:bc:8c:c9:b3:d8:3f:73:e2:61:a6:41:f7 root@rhtest.whittenberg.local
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|  ...   S        |
| . .o. . .       |
| ..=+.E          |
| o*B*o.          |
|. **=*           |
+-----------------+

# ssh-copy-id root@192.168.10.28
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.100's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.10.28'"
and check to make sure that only the key(s) you wanted were added.

# ssh root@192.168.10.28
Last login: Tue Oct 25 20:09:25 2016 from 192.168.10.100


There you go. You no longer need a password to use SSH between your two servers. Try this from either server to access the other. I will be on the .28 accessing the .100:

# sftp root@192.168.10.100
Connected to 192.168.10.100.
sftp> ls
anaconda-ks.cfg                    btrfs-progs                        dead.letter                        dump
fio-2.0.9.tar.gz                   go.sh                              idle3-tools-0.9.1                  idle3-tools-0.9.1.tar
linux-4.7.tar.xz                   list                               master.zip                         mylog.txt
phoronix-test-suite                phoronix-test-suite-6.4.0.tar      scrub.log                          sipp-3.5.1
sipp-3.5.1.tar.gz                  test.sh                            trantest                           wd5741x64
zfsstress-master
sftp>

Yup. No password needed. Enjoy!
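ssh-copy-id tells you to "check to make sure that only the key(s) you wanted were added". The script below is an added example, not part of the original post, and is one way to do that check: it lists every entry in an authorized_keys file and shows whether it is limited to a source address with the from= option. The function names and the sample entries (with placeholder key blobs) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list each authorized_keys entry and whether it is limited by from=.
# Output per key: <line> <keytype> <from="..."|UNRESTRICTED> <comment>

audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0; opts = ""
        sub(/^[ \t]+/, "", line)
        # No key type at the start means an options field comes first.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\\") { i++; continue }   # skip an escaped character
                # Quotes toggle; an unquoted space ends the options field.
                if (c == "\"") { inq = !inq } else if (c == " " && !inq) { break }
            }
            opts = substr(line, 1, i - 1)
            line = substr(line, i + 1)
        }
        split(line, f, " ")
        comment = line
        sub(/^[^ ]+ +[^ ]+ */, "", comment)  # drop key type and key blob
        if (comment == "") comment = "(no-comment)"
        status = "UNRESTRICTED"
        if (match(opts, /from="[^"]*"/)) status = substr(opts, RSTART, RLENGTH)
        printf "%d %s %s %s\n", NR, f[1], status, comment
    }' "${1:--}"
}

# Constructed sample file; the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# /root/.ssh/authorized_keys (constructed sample)
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER root@rhtest.whittenberg.local
from="192.168.10.28",no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER root@rhtest.whittenberg.local
command="/usr/bin/uptime -p",from="192.168.10.100" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER backup job
EOF
}

# Demo on the sample; on a real host: audit_authorized_keys /root/.ssh/authorized_keys
sample_keys | audit_authorized_keys
```

An entry reported as UNRESTRICTED is what ssh-copy-id writes by default: the matching private key is accepted from any source address.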

