Saturday, December 25, 2010

[kr-en02] SSH without password

Sometimes it is necessary to make backups between devices through some kind of script or web app. In these cases password authentication becomes an obstacle to automation, and public and private keys are needed instead. This time we'll use a Debian distro, but the steps are no different on another one.
Server IP: 192.168.1.4
Server user: soporte
Client IP: 192.168.1.99
Client user: krtapas
Configure the following parameters in the server's sshd_config file:
[root@server]# vim /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes

Log in to the client machine and create a key pair without a passphrase:
[krtapas@client]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/krtapas/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/krtapas/.ssh/id_rsa.
Your public key has been saved in /home/krtapas/.ssh/id_rsa.pub.
The key fingerprint is:
19:02:a6:64:2f:4d:c9:1e:73:54:d5:50:e7:73:73:ab krtapas@client

On the server, create the .ssh directory in the home folder of the user we'll give passwordless access to:
[soporte@server]$ cd /home/soporte/
[soporte@server]$ mkdir .ssh

On the server, create the authorized_keys file with the content of the id_rsa.pub file obtained from the client machine. We're copying the public key; the private one must not be known to anyone outside.
[krtapas@client]$ scp /home/krtapas/.ssh/id_rsa.pub soporte@192.168.1.4:/home/soporte/.ssh/authorized_keys
soporte@192.168.1.4's password:
id_rsa.pub

Finally, it is possible to authenticate from the client machine without the server asking for a password:
[krtapas@client]$ ssh soporte@192.168.1.4
Last login: Fri Jan 15 16:14:03 2010 from 192.168.1.99
[soporte@server]$
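
An added example, not part of the original post: the scp step above replaces any authorized_keys already on the server, and a key without a passphrase can be used by anyone who obtains the file. The function below, meant to run on the server, appends the client's key instead and restricts it to the client address with standard authorized_keys options; the function name and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: authorize a client key without overwriting existing entries.
# Usage: install_restricted_key PUBKEY_FILE FROM_ADDR HOME_DIR
install_restricted_key() {
    pubkey_file=$1   # id_rsa.pub copied over from the client
    from_addr=$2     # the only address allowed to log in with this key
    home_dir=$3      # home of the server account, e.g. /home/soporte

    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    pattern='^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$'

    # A .pub file holds exactly one "type base64 [comment]" line.
    count=$(grep -cE "$pattern" "$pubkey_file") || return 1
    [ "$count" -eq 1 ] || return 1
    key_line=$(grep -E "$pattern" "$pubkey_file")
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')

    # Keep both paths private to the account; sshd's StrictModes check
    # refuses key files that other users could modify.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: nothing to do if this key is already authorized.
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi

    # Options that limit what a copied passphrase-less key can be used for.
    opts="from=\"$from_addr\",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding"
    printf '%s %s\n' "$opts" "$key_line" >> "$auth_file"
}
```

With the addresses from this post the call would be install_restricted_key id_rsa.pub 192.168.1.99 /home/soporte. The no-pty option blocks interactive shells, so drop it if the key must also be used for logins like the one shown above.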
