There are many situations where it is preferable to authenticate to a server without having to enter a password. Basically any time you want to transfer things between servers with scripts, the script needs to be able to authenticate as a valid user.
The best way to do this is with SSH keypairs.
In this example we will set up automatic login from server andy as user bopeep to server buzz as user sheep.
Step 1: Create Authentication Keys with ssh-keygen on andy
Log in to andy as user bopeep and generate a public/private key pair using the following command.
[bopeep@andy ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/bopeep/.ssh/id_rsa): [Press enter key]
Created directory '/home/bopeep/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/bopeep/.ssh/id_rsa.
Your public key has been saved in /home/bopeep/.ssh/id_rsa.pub.
The key fingerprint is:
43:f6:52:1c:19:6b:49:e5:a8:72:3a:f9:a7:ea:ae:d5 bopeep@andy
The key's randomart image is:
+--[ RSA 2048]----+
| ++. |
| o.* |
| o B . |
| o = |
| . S . |
| * o |
| = E |
| . o . |
| .++.oo |
+-----------------+
Step 2: Create .ssh Directory on buzz
SSH from andy to buzz as user sheep and create the .ssh directory under the home directory, using the following command:
[bopeep@andy ~]$ ssh sheep@buzz mkdir -p .ssh
The authenticity of host 'buzz (192.168.1.2)' can't be established.
RSA key fingerprint is f6:d2:9a:05:0f:a4:ef:3a:c1:1f:00:1e:6f:1e:ce:86.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'buzz,192.168.1.2' (RSA) to the list of known hosts.
sheep@buzz's password: [Enter Your Password Here!]
Step 3: Upload Generated Public Key to buzz
Use SSH from andy to upload your newly generated public key (id_rsa.pub) to buzz under sheep's .ssh directory, appending it to the file authorized_keys. If you're following this tutorial for the first time, this creates the file; on subsequent runs it adds a new authorized key.
[bopeep@andy ~]$ cat .ssh/id_rsa.pub | ssh sheep@buzz 'cat >> .ssh/authorized_keys'
sheep@buzz's password: [Enter Your Password Here!]
Step 4: Set Permissions on buzz
It’s advisable to explicitly set permissions on the .ssh directory and the authorized_keys file on buzz to avoid any issues.
[bopeep@andy ~]$ ssh sheep@buzz "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
sheep@buzz's password: [Enter Your Password Here]
Step 5: Login from Andy to Buzz Without Password
Now you can log into buzz as sheep from bopeep on andy without a password.
[bopeep@andy ~]$ ssh sheep@buzz
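Steps 2 to 4 as a single repeatable procedure, added here as an example and not part of the original tutorial: it appends the key only if it is not already listed, rejects input that is not one bare public key line, and checks the modes the way sshd does when StrictModes is enabled. The function names install_pubkey and modes_ok are hypothetical, and the mode check is a simplified version that does not look at ownership.

```shell
#!/bin/sh
# Added example: Steps 2-4 as one repeatable procedure, run on buzz as sheep.
# install_pubkey and modes_ok are hypothetical helper names.

# install_pubkey HOME_DIR 'PUBKEY_LINE'
install_pubkey() {
    home_dir=$1 pubkey=$2
    auth="$home_dir/.ssh/authorized_keys"
    nl='
'
    # Accept exactly one line of the form "<type> <base64> [comment]".
    # Extra lines or a leading options field (command=..., from=...) are
    # rejected, so a pasted blob cannot add keys or options you did not intend.
    case $pubkey in *"$nl"*) echo "multi-line input rejected" >&2; return 2 ;; esac
    printf '%s\n' "$pubkey" |
        grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' ||
        { echo "not a bare public key line" >&2; return 2; }

    mkdir -p "$home_dir/.ssh"                       # Step 2
    # Step 3, but only append when the exact line is not already present.
    grep -qxF -- "$pubkey" "$auth" 2>/dev/null || printf '%s\n' "$pubkey" >> "$auth"
    chmod 700 "$home_dir/.ssh"                      # Step 4, tutorial's modes
    chmod 640 "$auth"
}

# modes_ok HOME_DIR
# Simplified form of the mode test sshd applies when StrictModes is on:
# fail if the home directory, .ssh or authorized_keys is group- or
# world-writable. (Ownership is not checked here.)
modes_ok() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p" >&2
            return 1
        fi
    done
}

# Usage on buzz, with the key supplied on stdin from andy:
#   IFS= read -r key && install_pubkey "$HOME" "$key" && modes_ok "$HOME"
```

If key login in Step 5 still prompts for a password, a failing modes_ok result points at the path sshd is refusing to trust.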