I was helping a client set up SSH with public/private keys between two servers, so that they could use ssh, scp and sftp without having to enter passwords. This was primarily so that they could script a secure file transfer between the two servers. Below are the steps taken to set everything up.
Note: the usernames and passwords have been changed, to ensure the systems remain secure. I've provided dummy keys below for reference.
First, we need to log in to the client machine (the one that starts the ssh/scp/sftp connections) and create an ssh key pair. When it prompts for a passphrase for the key, just press enter (don't enter one). While this does reduce the security of the implementation, it ensures that automated processes don't need passwords when connecting from client to server.
Code:
freddy:~ cwplough$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/cwplough/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/cwplough/.ssh/id_dsa.
Your public key has been saved in /home/cwplough/.ssh/id_dsa.pub.
The key fingerprint is:
23:30:5d:45:c5:37:27:38:7e:66:2a:46:59:15:3a:f8 cwplough@freddy.mavenwire.com
Next, we'll take a quick look at the ssh public key, just to see what it contains.
Code:
freddy:~ cwplough$ cd .ssh
freddy:~/.ssh cwplough$ more id_dsa.pub
ssh-dss AAAsd3NzaC1kc3MAAACBAMTf2OqoiHQ3kJlYp2mxr7fAYQ6VdkOVTR0G3lEgXQItJ/sRA478djd938V0FtjCyZ9jIFb0GBXJnUa+rWU1moQWciMwc7cHuWh3Iana4CuDBG1oCUEAgdg10t7EKse3OMLBk+4hGQVIgfkdkd+seGtYb62kRZsJMN/RGAJBta49JAAAAFQCN72UA0+ms1Tn7aqtfxTwYUts0twAAAIEAki82UN5KS5sKOmhagEwjVBbHGVjJb/badkldkdvmTVyCHWOxbmIWy8XyWguBZlowqjz5wibIM6N4Fj4XI7Z3zuXCXnEpvvlYeS4fpBzwGZ7pUA83qXxh3QZ0YP+NvSv8Xe7jw2+Kq7KVtgK0UN1dEuBtUl2Tbwr9jFLoAzbi6DgIAAACBAJ3gBqdFoCJ1KCo/jjkGzrkvp4N1B0qVGh2u7D0DtZqhAhULHEfmUdjdjQ4ZfnNsD2ZKvjFVMzZQQsKMFXD98mXJ5qvS8lPJ6KcZHfZdpp4y5iWAg/WqnU8HbroQKN9vt/HJ6xqQ5hATCrNYvswNgcWfS9wsdfsdfssdU9FPkJxaT cwplough@freddy.mavenwire.com
Once we've verified that it exists, we can copy it over to the server(s) that we want to login to without passwords.
Next, log in to the server, so that we can put the ssh key into place.
Code:
cwplough@ginger [~]# mkdir .ssh #if the directory already exists, you can skip this step.
cwplough@ginger [~]# cat id_dsa.pub >> .ssh/authorized_keys
cwplough@ginger [~]# cd .ssh
cwplough@ginger [~/.ssh]# ln -s authorized_keys authorized_keys2
Next, ensure the permissions of the authorized_keys* files are 644 - if they are more relaxed than this, OpenSSH will notice and you'll continue to get prompted for a password.
Code:
cwplough@ginger [~/.ssh]# chmod 644 authorized_keys*
I like to verify the contents of the authorized_keys file, just in case.
Code:
cwplough@ginger [~/.ssh]# cat authorized_keys
ssh-dss [same key data as in id_dsa.pub above] cwplough@freddy.mavenwire.com
Now, log back into the client machine and test it!
From this point on, you can ssh, scp and sftp into the server without a password.
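If the server still prompts for a password, or you want to review what the passphrase-less key is allowed to do, a check like the following helps. It is an added example, not part of the original write-up: the function names `audit_ssh_dir` and `make_sample` are hypothetical, and the sample directory and key data are constructed.

```shell
#!/bin/sh
# audit_ssh_dir DIR: print one finding per line for an account's .ssh directory.
audit_ssh_dir() {
    dir=$1
    keys="$dir/authorized_keys"
    # With StrictModes (the sshd default), a directory or key file that is
    # writable by group or others makes sshd ignore the key file.
    for p in "$dir" "$keys"; do
        [ -e "$p" ] || { echo "MISSING $p"; continue; }
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $p"
        fi
    done
    [ -f "$keys" ] || return 0
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # A line that begins with the key type carries no options such as
        # from="..." or command="...", so the key works from any host for
        # any command; that matters most for a key without a passphrase.
        case $line in
            ssh-*|ecdsa-*|sk-*) echo "UNRESTRICTED line $n" ;;
        esac
        # ssh-dss keys are disabled by default since OpenSSH 7.0.
        case " $line " in
            *" ssh-dss "*) echo "DSA line $n" ;;
        esac
    done < "$keys"
}

# Constructed sample: a directory laid out the way the steps above leave it.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && chmod 755 "$d/.ssh"
    printf '%s\n' 'ssh-dss CONSTRUCTEDKEYDATA cwplough@freddy.mavenwire.com' \
        > "$d/.ssh/authorized_keys"
    chmod 644 "$d/.ssh/authorized_keys"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample/.ssh"
rm -rf "$sample"
```

On a real server, run `audit_ssh_dir "$HOME/.ssh"` as the account that receives the connections.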