Walker News

A capsule of walker’s experience in life…

Auto SSH Login By Using Public-key Cryptography

Auto SSH login, or password-less SSH login, is the replacement for the legacy rlogin and rcp protocols, which have no encryption.

Password-less SSH login is therefore extremely useful for writing secure shell scripts that need to log in to a remote server automatically (non-interactively) and then initiate a file transfer or trigger other commands.


How to set up non-interactive or password-less SSH login in Linux?

An SSH server supports two modes of authentication: a remote SSH client can be authenticated with a legacy system login ID and password, or with the public-key cryptography method (which provides the non-interactive, password-less SSH login capability).

Assumptions made for this example:

  • System user walker-a on Linux server WalkerNews-A needs a password-less, non-interactive SSH login to walker-b on Linux server WalkerNews-B.

  • Both Linux servers are running RHEL 4 update 5, bundled with openssh-server-3.9p1-8.RHEL4.1 and openssh-clients-3.9p1-8.RHEL4.1.

At WalkerNews-A Linux command prompt:

  • Execute ssh-keygen -t dsa to create a DSA public/private key pair for SSH public-key authentication.
    WalkerNews-A [/home/walker-a]$ ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/home/walker-a/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/walker-a/.ssh/id_dsa.
    Your public key has been saved in /home/walker-a/.ssh/id_dsa.pub.

    First, ssh-keygen prompts for a path in which to save the generated key. You can simply accept the default path by pressing the ENTER key.

    When prompted for a passphrase (the password that protects the private key), again just press ENTER to accept the default value, i.e. empty for no passphrase. Additional steps are required for password-less SSH login if a passphrase is entered to secure the keys (I should cover this in the next post for clarity).
     

  • Now copy the generated public key (i.e. /home/walker-a/.ssh/id_dsa.pub) to walker-b’s home directory on WalkerNews-B.

At WalkerNews-B Linux command prompt:

  • Create a hidden .ssh directory in walker-b’s home directory (if it does not already exist) and make sure its access mode is set to 700. E.g.
    mkdir .ssh
    chmod 700 .ssh
  • Create a text file called authorized_keys in the $HOME/.ssh directory (if it does not already exist) and make sure its access mode is restricted to 600. E.g.
    cd $HOME/.ssh
    touch authorized_keys
    chmod 600 authorized_keys
  • Append walker-a’s public key (id_dsa.pub) to the authorized_keys file. E.g.
    cat $HOME/id_dsa.pub >> $HOME/.ssh/authorized_keys
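
The WalkerNews-B steps above as one idempotent shell function, added here as an example and not part of the original post: it validates the key line, applies the 700/600 modes, skips a key that is already present, and can prefix authorized_keys options such as from= so that a key without a passphrase is limited in what it can do. The function names, the option string and the key line in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey and ssh_perms_ok
# are hypothetical helper names; the key line in the demo is constructed.

# install_pubkey HOME_DIR PUBKEY_FILE [OPTIONS]
# OPTIONS: optional authorized_keys option prefix limiting what the key may do.
install_pubkey() {
    ssh_dir=$1/.ssh; auth=$ssh_dir/authorized_keys; options=${3:-}
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 1; }
    # A public key file holds exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c . "$2")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key_line=$(grep . "$2")
    read -r key_type key_blob _comment <<EOF
$key_line
EOF
    case $key_type in
        ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unrecognised key type: $key_type" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] || { echo "missing key data" >&2; return 1; }
    # umask 077 keeps the directory and file private from the moment they exist.
    ( umask 077; mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" &&
      touch "$auth" && chmod 600 "$auth" ) || return 1
    # Idempotent: do nothing if this key blob is already authorised.
    if grep -qF -- "$key_blob" "$auth"; then return 0; fi
    printf '%s%s\n' "${options:+$options }" "$key_line" >> "$auth"
}

# ssh_perms_ok HOME_DIR: succeed only if the modes are the page's 700 and 600.
ssh_perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a scratch directory standing in for walker-b's home directory.
demo=$(mktemp -d)
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructed walker-a@WalkerNews-A' > "$demo/id_dsa.pub"
install_pubkey "$demo" "$demo/id_dsa.pub" 'from="WalkerNews-A",no-pty,no-port-forwarding'
install_pubkey "$demo" "$demo/id_dsa.pub"     # second run adds nothing
cat "$demo/.ssh/authorized_keys"
ssh_perms_ok "$demo" && echo "modes ok"
rm -rf "$demo"
```

Current OpenSSH releases disable DSA (ssh-dss) keys by default, so on anything newer than the RHEL 4 setup described here generate the key with -t ed25519 or -t rsa instead; the function accepts those key types as well.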

Now, back at walker-a on WalkerNews-A, each subsequent ssh or scp connection initiated from here to walker-b at WalkerNews-B will be automatically authenticated via public-key cryptography, i.e. without having to enter a password interactively.

For example, log in as walker-a at WalkerNews-A and execute these at the Linux command prompt:

  • ssh walker-b@WalkerNews-B logs in automatically as walker-b at WalkerNews-B, without entering a password. (The insecure legacy protocol that accomplishes this task is called rlogin.)

  • scp sourcefile walker-b@WalkerNews-B:temp/new.log automatically transfers sourcefile to walker-b’s $HOME/temp directory and saves it under the new file name new.log. (The insecure legacy protocol that accomplishes this task is called rcp.)

If you would like to troubleshoot or understand the SSH public-key authentication process, specify the verbose option switch (-v) in the ssh command:

ssh -v walker-b@WalkerNews-B

1 Comment so far

  1. WalkerNews.net

    [...] connecting to remote SSH server for the first time, Putty suite will prompt user to acknowledge acceptance of the remote [...]
