Sometimes it is necessary to make backups between devices through some kind of script or web app. In these cases password authentication becomes an obstacle to automation, and public and private keys are needed instead. This time we'll use a Debian distro, but the procedure is no different on any other.
Server IP: 192.168.1.4
Server user: soporte
Client IP: 192.168.1.99
Client user: krtapas
Configure the following parameters in the server's sshd_config file
[root@server]# vim /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
Log in to the client machine and create a key pair without a passphrase
[krtapas@client]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/krtapas/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/krtapas/.ssh/id_rsa.
Your public key has been saved in /home/krtapas/.ssh/id_rsa.pub.
The key fingerprint is:
19:02:a6:64:2f:4d:c9:1e:73:54:d5:50:e7:73:73:ab krtapas@client
On the server, create the .ssh directory in the home folder of the user to whom we'll give passwordless access
[soporte@server]$ cd /home/soporte/
[soporte@server]$ mkdir .ssh
On the server, create the authorized_keys file with the content of the id_rsa.pub file obtained from the client machine. We're copying the public key; the private one must not be known to anyone outside.
[krtapas@client]$ scp /home/krtapas/.ssh/id_rsa.pub soporte@192.168.1.4:/home/soporte/.ssh/authorized_keys
soporte@192.168.1.4's password:
id_rsa.pub
Finally, it will be possible to authenticate from the client machine without the server asking for a password.
[krtapas@client]$ ssh soporte@192.168.1.4
Last login: Fri Jan 15 16:14:03 2010 from 192.168.1.99
[soporte@server]$
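The scp step above writes id_rsa.pub directly onto authorized_keys, which replaces any keys already authorized for that user. The following is an added example, not part of the original post: a hypothetical install_pubkey helper, run on the server, that appends the key, sets the permissions sshd expects, and can pin the key to the client IP with the authorized_keys from= option.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a
# hypothetical helper: install_pubkey HOME_DIR PUBKEY_FILE [FROM_PATTERN]
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    from_pattern=${3:-}
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # First non-empty line must look like "type base64-blob [comment]".
    # A private key file (-----BEGIN ...) fails this check and is refused.
    key_line=$(awk 'NF { print; exit }' "$pubkey_file" 2>/dev/null)
    key_type=$(printf '%s\n' "$key_line" | awk '{ print $1 }')
    key_blob=$(printf '%s\n' "$key_line" | awk '{ print $2 }')
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "refusing $pubkey_file: not a public key" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] || return 1

    # With StrictModes (sshd default) the key file is ignored if the
    # directory or file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this key is already authorized.
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi

    # Append instead of overwriting, so keys already authorized survive.
    # from= limits where this passphrase-less key may connect from.
    if [ -n "$from_pattern" ]; then
        printf 'from="%s" %s\n' "$from_pattern" "$key_line" >> "$auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Run as a script on the server, e.g.:
#   sh install_pubkey.sh /home/soporte /tmp/id_rsa.pub 192.168.1.99
if [ "$#" -ge 2 ]; then
    install_pubkey "$@"
fi
```

Copy id_rsa.pub to a temporary path on the server first, then run the helper as the soporte user.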