Walker News

Configure Secured Private Key For Password-less SSH Login

To enable non-interactive SSH login, the simplest option is to generate a key pair whose private key has no passphrase, relying on the hardening of the host that stores the private key to protect it. The trade-off is that anyone who can read that file, or a backup copy of it, can use the key immediately.

However, what if a strict security policy requires the private key to be passphrase-protected even though the host and its daily system backup image are well secured?
The answer is a key manager that caches the decrypted key in memory after you enter the passphrase once: for example, ssh-agent from the OpenSSH package, or Pageant.exe from the PuTTY suite.

This trick does not work for scheduled shell scripts or batch files that need non-interactive SSH login, because the agent belongs to the login session's environment. See the next post, which covers the extra work needed to make ssh-agent usable from a cron job.

How to configure ssh-agent for secured private key to support non-interactive, password-less SSH login?

On my RHEL machine, the ssh and ssh-agent binaries bundled with the OpenSSH package handle this job well:
  1. Log in to the Linux machine and run ssh-agent through eval, so that the environment variables it prints (SSH_AUTH_SOCK and SSH_AGENT_PID) are exported into the current shell. Note that the command is enclosed in back-quotes `, not normal single quotes ':
    eval `ssh-agent`
  2. Next, use ssh-add to add the passphrase-protected private key to the agent, and enter the passphrase when prompted. For example, to add the private key $HOME/.ssh/walkerkey to ssh-agent:
    ssh-add ~/.ssh/walkerkey

From now on, every ssh connection started from this shell (until you log out and lose the exported variables) is authenticated through the agent's cached key without another passphrase prompt. Keep in mind that the cached key is usable by any process running under your user ID that can reach the agent's socket, so treat the session like an unlocked key.
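The two steps above, wrapped into a login-profile snippet as an added example (this is not code from the original post). It reuses an agent that is already running instead of starting a new one on every login, checks the agent with ssh-add -l before and after, and loads the key with a lifetime so the agent forgets it after a while. The state file ~/.ssh/agent.env, the 8h lifetime and the default key path are choices made for this example.

```shell
# Added example, not code from the original post. Assumes OpenSSH's ssh-agent
# and ssh-add are on PATH. AGENT_ENV, KEY_LIFETIME and the default key path
# are example choices, not anything taken from the post.

AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"
KEY_LIFETIME="${KEY_LIFETIME:-8h}"

# Map the exit code of "ssh-add -l" to a word: 0 = agent reachable and
# holding keys, 1 = agent reachable but empty, 2 = no agent reachable
# through SSH_AUTH_SOCK.
agent_state() {
    ssh-add -l >/dev/null 2>&1 && { echo loaded; return 0; }
    rc=$?
    if [ "$rc" -eq 1 ]; then
        echo empty
    else
        echo none
    fi
}

# Start a fresh agent, keep the SSH_AUTH_SOCK/SSH_AGENT_PID exports it prints
# in a file only the owner can read, then source them into this shell.
# "ssh-agent -s" forces Bourne-style output, the same text that
# eval `ssh-agent` consumes in the steps above.
start_agent() {
    ( umask 077; ssh-agent -s > "$AGENT_ENV" )
    . "$AGENT_ENV" >/dev/null
}

# Make this shell able to talk to an agent: first the one already in the
# environment, then the one recorded in AGENT_ENV, and only then a new one.
ensure_agent() {
    if [ "$(agent_state)" = none ] && [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV" >/dev/null
    fi
    if [ "$(agent_state)" = none ]; then
        start_agent
    fi
}

# Load the key unless the agent already holds keys. -t makes the agent drop
# the key after KEY_LIFETIME, which bounds how long an unattended session (or a
# forwarded agent connection) can keep using it. ssh-add prompts for the
# passphrase interactively.
load_key() {
    key="${1:-$HOME/.ssh/walkerkey}"
    if [ "$(agent_state)" = loaded ]; then
        return 0
    fi
    ssh-add -t "$KEY_LIFETIME" "$key"
}

# Typical use from ~/.bash_profile or ~/.profile:
#   ensure_agent
#   load_key ~/.ssh/walkerkey
```

Because ensure_agent sources the saved environment before deciding to start anything, a second terminal or a later login attaches to the same agent and finds the key already loaded, so the passphrase is typed once per agent lifetime rather than once per shell.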

How to configure Putty Pageant.exe for secured private key to support non-interactive, password-less SSH login?
  1. Locate the PuTTY folder and double-click PAGEANT.exe; it runs in the Windows System Tray as the Windows counterpart of ssh-agent, caching a passphrase-protected private key.
  2. Right-click the Pageant icon in the System Tray, click Add Key, locate and open the private key, and enter the passphrase when prompted. (Alternatively, right-click the icon, click View Keys, then Add Key.)
  3. Now, open an SSH connection with Putty.exe to the target server and log in as the user whose authorized_keys file holds the public key matching the private key cached by Pageant. PuTTY authenticates automatically and prints a message like the following in the session window:
    Authenticating with public key "dsa-key-20080609" from agent

As mentioned earlier, these SSH key managers do not natively work in a cron job or scheduler environment, because the agent socket and its environment variables belong to an interactive session. They do, however, provide the foundation for non-interactive, password-less SSH login with a passphrase-protected private key (see the next post).


  1. George 07-06-13@10:49

    Where is the next post, “get ssh-agent works for cronjob”?

2014