If you want to connect to a server without entering a password, you can follow this post.
We have three servers
wa01.example.com IP : 192.168.1.11
syd01.example.com IP : 192.168.1.12
per01.example.com IP : 192.168.1.13
Problem: We want to log in to syd01.example.com without entering the password.
Steps:
1. Generate the public and private keys on wa01.example.com
2. Use ssh-copy-id to create the authorized_keys on syd01.example.com
3. ssh from wa01.example.com to syd01.example.com
Action:
Generate the key pair on wa01.example.com
[harvarinder@wa01 .ssh]$ ssh-keygen -t rsa -b 2048 -v
Generating public/private rsa key pair.
Enter file in which to save the key (/home/harvarinder/.ssh/id_rsa): harvey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in harvey.
Your public key has been saved in harvey.pub.
The key fingerprint is:
9c:e5:d0:7d:73:98:20:10:a8:f7:fd:92:d8:9d:15:f5 harvarinder@wa01.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| .oo. . |
| . . o . o.|
| . . o . =.o|
| . .. = ..oE|
| . .S.. . |
| . . . |
| o + o |
| . + + |
| . |
+-----------------+
[harvarinder@wa01 .ssh]$
Please note that this generates two files, harvey and harvey.pub. harvey.pub is the public key and the other is the private key.
[harvarinder@wa01 .ssh]$ ls -lah
total 20K
drwx------. 2 harvarinder harvarinder 4.0K Mar 5 13:55 .
drwx------. 26 harvarinder harvarinder 4.0K Mar 5 13:46 ..
-rw-------. 1 harvarinder harvarinder 1.7K Mar 5 13:55 harvey
-rw-r--r--. 1 harvarinder harvarinder 410 Mar 5 13:55 harvey.pub
Copy the public key, which has .pub in its name, across to syd01.example.com
[harvarinder@wa01 .ssh]$ ssh-copy-id -i harvey.pub harvarinder@192.168.1.12
The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
RSA key fingerprint is 97:87:aa:97:55:1b:9d:81:f5:18:0a:cf:6a:6c:c6:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
harvarinder@192.168.1.12's password:
Now try logging into the machine, with "ssh 'harvarinder@192.168.1.12'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[harvarinder@wa01 .ssh]$
Please note that if you log in to syd01.example.com and look under the .ssh folder of the harvarinder user, you should see a file called authorized_keys. The step above creates this file if it is not present and adds the public key to it; otherwise it appends the key to the existing file.
This means that anyone who holds the private key matching a public key in this file is able to make the ssh connection as this user.
Below is a snippet of the file
[harvarinder@syd01 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4kp92dtMkT1n1dNTO6nEuZRubT......vCDwdeqDMuBEfzJoBQ== harvarinder@wa01.example.com
From here on, ssh to syd01.example.com works without a password.
[harvarinder@wa01 .ssh]$ ssh -i harvey harvarinder@192.168.1.12
Last login: Mon Mar 5 13:56:02 2018 from 192.168.1.11
[harvarinder@syd01 ~]$
Extending this test
Let's copy the harvey file to per01.example.com and see if we can log in from there as well.
[harvarinder@wa01 .ssh]$ scp -p harvey 192.168.1.13:.ssh
The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established.
RSA key fingerprint is 97:87:aa:97:55:1b:9d:81:f5:18:0a:cf:6a:6c:c6:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts.
harvarinder@192.168.1.13's password:
harvey 100% 1675 1.6KB/s 00:00
[harvarinder@wa01 .ssh]$
Now let's ssh from per01.example.com to syd01.example.com using the private key harvey
[harvarinder@per01 .ssh]$ pwd
/home/harvarinder/.ssh
[harvarinder@per01 .ssh]$ ls -l
total 4
-rw-------. 1 harvarinder harvarinder 1675 Mar 5 13:57 harvey
[harvarinder@per01 .ssh]$
[harvarinder@per01 .ssh]$
[harvarinder@per01 .ssh]$ ssh -i harvey harvarinder@192.168.1.12
The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
RSA key fingerprint is 97:87:aa:97:55:1b:9d:81:f5:18:0a:cf:6a:6c:c6:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
Last login: Mon Mar 5 13:57:39 2018 from 192.168.1.11
[harvarinder@syd01 ~]$
[harvarinder@syd01 ~]$
Let's do a final trick of renaming the file to something else and see what happens. I am renaming it on per01.example.com
[harvarinder@per01 .ssh]$ mv harvey harvey.pem
[harvarinder@per01 .ssh]$ ssh -i harvey.pem harvarinder@192.168.1.12
Last login: Mon Mar 5 14:19:53 2018 from 192.168.1.13
[harvarinder@syd01 ~]$
[harvarinder@syd01 ~]$
[harvarinder@per01 .ssh]$ mv harvey.pem harvey.dhillon
[harvarinder@per01 .ssh]$
[harvarinder@per01 .ssh]$
[harvarinder@per01 .ssh]$ ssh -i harvey.dhillon harvarinder@192.168.1.12
Last login: Mon Mar 5 14:23:12 2018 from 192.168.1.13
[harvarinder@syd01 ~]$
Interesting, isn't it?
Result:
If we have a key pair (public and private keys), we can copy the public key into the authorized_keys file on the server we want to connect to. Please note that if we want to connect to the remote machine as a user called bing, the authorized_keys file should be under the .ssh folder of the bing user. If you want to connect as the oracle user, authorized_keys should be under the .ssh folder of the oracle user.
Then connect as that user from any machine that has an ssh client and the private key, and have fun. Did I say anything about the AWS EC2 pem file?
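An added example (not from the original post): because any holder of the matching private key can log in from any machine, whatever the key file is called, it helps to audit authorized_keys on the server. This Python sketch parses each entry, computes the MD5 fingerprint in the format ssh-keygen printed above and the SHA256 form used by current OpenSSH, reports the RSA size, and shows whether a from= option restricts the source host. The sample key blob is constructed and the function names are this example's own.

```python
import base64, hashlib, re, shlex, struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def _read_string(blob, off):
    """Read one length-prefixed SSH wire-format string starting at offset off."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n

def parse_entry(line):
    """Parse one authorized_keys line: fingerprints, RSA size, from= restriction."""
    tokens = shlex.split(line)               # keeps quoted option values together
    idx = next(i for i, t in enumerate(tokens) if t in KEY_TYPES)
    blob = base64.b64decode(tokens[idx + 1])
    inner_type, off = _read_string(blob, 0)
    if inner_type.decode() != tokens[idx]:
        raise ValueError("declared key type does not match the key blob")
    bits = None
    if tokens[idx] == "ssh-rsa":             # blob = type, exponent e, modulus n
        _e, off = _read_string(blob, off)
        n, off = _read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    m = re.search(r'from="([^"]*)"', line) if idx > 0 else None
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),  # legacy format
        "sha256": "SHA256:" + sha,           # format used by current OpenSSH
        "bits": bits,
        "from": m.group(1).split(",") if m else [],
        "comment": " ".join(tokens[idx + 2:]),
    }

def audit(text):
    """Return one parsed entry per key line, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    return [parse_entry(l) for l in lines if l and not l.startswith("#")]

def _mpint(i):
    """Encode a positive integer as an SSH mpint (length prefix, sign-safe bytes)."""
    raw = i.to_bytes(i.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

# Constructed sample blob (not a real key): e = 65537, n = 2^2047 + 1.
_BLOB = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537)
                         + _mpint((1 << 2047) | 1)).decode()
SAMPLE = (f"ssh-rsa {_BLOB} harvarinder@wa01.example.com\n"
          f'from="192.168.1.11" ssh-rsa {_BLOB} restricted-copy\n')

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(e["sha256"], e["bits"], e["from"] or "any host", e["comment"])
```

Both sample entries report the same fingerprint because the identity lies in the key material, not in the comment or the file name. With from="192.168.1.11" on the entry, sshd would refuse the login from per01 (192.168.1.13) shown above even though per01 holds the private key.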