SSH can be quickly configured to authenticate users with keys rather than passwords, provided the server is set up to allow this type of authentication. The process consists of exporting a user's public key from the client host and installing it in the profile of the same user on the target machine. If your client user doesn't have a public key, let's begin by creating one:
For example, let's use a sandbox VM: log in as your client user account, in this case “vassox,” and run ssh-keygen to create the key pair, accepting the defaults when prompted.
```
[vassox@tank /]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vassox/.ssh/id_rsa):
Created directory '/home/vassox/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vassox/.ssh/id_rsa.
Your public key has been saved in /home/vassox/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bx5LZu5Mo+vWUuyWhenjrLahBEH5fzFtFYZgphyCXqg vassox@tank
The key's randomart image is:
+---[RSA 2048]----+
| .+. . +. .o. |
| .+ .o = ... |
| o.o o . . |
| E ... o o |
| . .S. * |
| . ..* . |
| . .*Xo |
| . .+&B+ |
| .+*OO. |
+----[SHA256]-----+
[vassox@tank /]$
```
Now, if we navigate to the home directory (cd ~/), you will notice a new .ssh directory with the following content:
```
[vassox@tank .ssh]$ ls -alrt
total 8
drwx------. 6 vassox vassox  119 Feb 18 14:51 ..
-rw-------. 1 vassox vassox 1675 Feb 18 14:51 id_rsa
drwx------. 2 vassox vassox   38 Feb 18 14:51 .
-rw-r--r--. 1 vassox vassox  393 Feb 18 14:51 id_rsa.pub
```
We have now successfully generated a pair of private and public keys. Let's retrieve the public key and install it on our target host. First, cat id_rsa.pub:
```
[vassox@tank .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+fsiIPYc5LAlBTrxom0b88s3rW5VwWsE3/L5F+nqCK7+uISr3gP0AWKxBJQY+VC4xx7VAPFQFHWFd39rlqNrecl2E9suJRjrGZduxsaw1F2IeBpjS5Bp/vkcAXMfbn0nffSWJAB2UKBCyXRsEW716nCwVhpc2sax1ELMxNy5fLflqdONYyMatMpFIfxV0z14krqx91p6hXUCDtadnqNw1O8i3Vtt3rxeU4JxPqLthz7N+RFhzIuKgrfos8gInw3BMQkQ0NHmDvVb5Bc3i80ylPP/1Q3b3QV/YlhqXUlPZYZLpaFosbN8Ol00i3NvygyNj48VJz4qnK+Brre06GBT vassox@tank
```
Switch over to the target (host) machine to which you would like to establish a passwordless link, and navigate to the .ssh directory in your user's home directory. Open or create the authorized_keys file by invoking vi authorized_keys, and simply insert the public key we exported in the previous step:
```
[vassox@nuuk .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+fsiIPYc5LAlBTrxom0b88s3rW5VwWsE3/L5F+nqCK7+uISr3gP0AWKxBJQY+VC4xx7VAPFQFHWFd39rlqNrecl2E9suJRjrGZduxsaw1F2IeBpjS5Bp/vkcAXMfbn0nffSWJAB2UKBCyXRsEW716nCwVhpc2sax1ELMxNy5fLflqdONYyMatMpFIfxV0z14krqx91p6hXUCDtadnqNw1O8i3Vtt3rxeU4JxPqLthz7N+RFhzIuKgrfos8gInw3BMQkQ0NHmDvVb5Bc3i80ylPP/1Q3b3QV/YlhqXUlPZYZLpaFosbN8Ol00i3NvygyNj48VJz4qnK+Brre06GBT vassox@tank
```
Now you should be able to ssh or sftp without a password from your client to the target host.
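The install step on the target host, as an added shell example that is not part of the original post: a hypothetical helper, install_pubkey, that appends a public key to authorized_keys only once, refuses input that is not a single public key line (such as a private key file picked up by mistake), and sets owner-only permissions that pass sshd's StrictModes check. The function name, its arguments and the accepted key-type list are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post). install_pubkey is a hypothetical
# helper: install_pubkey PUBKEY_FILE [SSH_DIR], SSH_DIR defaults to ~/.ssh.
install_pubkey() (
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_keys="$ssh_dir/authorized_keys"
    umask 077   # files created below are readable by the owner only

    # Require exactly one non-blank line: "<type> <base64> [comment]".
    # A private key file is multi-line and is rejected here.
    key_line=$(awk 'NF { n++; line = $0 }
                    END { if (n != 1) exit 1; print line }' "$pubkey_file") || {
        echo "refusing $pubkey_file: expected a single public key line" >&2
        exit 1
    }
    set -f; set -- $key_line; set +f   # split on whitespace, no globbing
    key_type=${1-} key_blob=${2-}
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;   # assumed allow-list
        *) echo "refusing $pubkey_file: unknown key type" >&2; exit 1 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "refusing $pubkey_file: bad key data" >&2; exit 1 ;;
    esac

    # sshd's StrictModes check rejects group/world-writable key files.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_keys" && chmod 600 "$auth_keys" || exit 1

    # Idempotent: match on type and key data, ignoring the trailing comment.
    if grep -qF -- "$key_type $key_blob" "$auth_keys"; then
        echo "key already present in $auth_keys"
        exit 0
    fi
    # If the file lacks a final newline, add one so keys are not joined.
    if [ -s "$auth_keys" ] && [ -n "$(tail -c 1 "$auth_keys")" ]; then
        echo >> "$auth_keys"
    fi
    printf '%s\n' "$key_line" >> "$auth_keys"
)
```

On the target host, copy id_rsa.pub over and run install_pubkey id_rsa.pub as the user who will log in; running it a second time leaves authorized_keys unchanged.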