How to enable the password less authentication between servers
SSH (Secure Shell) is a network protocal which allow users to connect the remote computers securely from unsecured network to administer the system.
Using this protocol, you can transfer the files between the systems using the SCP protocol.
If needs to do some automated task or copy the files in larger number of servers then very painful to provide the password for each and every server. So this can be avoided by enabling password less authentication between the servers.
In below article I will show you how to do this in step by step.
I have 2 systems (rhel6-1 & rhel6-1) running OS version RHEL 6 and going to enable the password less authentication for User “ramesh”
Here going to enable the password less authentication from rhel6-1 to rhel6-2. Once this done then I can login to the rhel6-2 server without providing the password.
Step 1 :
Login to the rhel6-1 server with user ramesh and generate rsa key using below command as demonstrated. Press Enter when prompted for user input.
[ramesh@rhel6-1 ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/ramesh/.ssh/id_rsa): Created directory '/home/ramesh/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ramesh/.ssh/id_rsa. Your public key has been saved in /home/ramesh/.ssh/id_rsa.pub. The key fingerprint is: 19:0b:88:0b:17:c7:f8:81:15:f5:88:2b:86:81:01:c8 ramesh@rhel6-1 The key's randomart image is: +--[ RSA 2048]----+ |* .=+o. | |oEo+oo o | |+ o.o.o o | | = ... . + | |. + . S | | . . | | | | | | | +-----------------+ [ramesh@rhel6-1 ~]$
If you login to the server as User ramesh first time then it will ask you to accept the finger print. Type yes to accept it and provide the password for user ramesh to copy rsa to the source server (rhel6-2). This will append the rsa key from /home/ramesh/.ssh/id_rsa to /home/ramesh/.ssh/authorized_keys
[ramesh@rhel6-1 ~]$ ssh-copy-id -i /home/ramesh/.ssh/id_rsa rhel6-2 The authenticity of host 'rhel6-2 (192.168.100.10)' can't be established. RSA key fingerprint is bd:63:1f:41:68:ff:8a:aa:5f:58:82:0c:cd:92:9b:55. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'rhel6-2,192.168.100.10' (RSA) to the list of known hosts. ramesh@rhel6-2's password: Now try logging into the machine, with "ssh 'rhel6-2'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
[root@rhel6-2 ~]# cat /home/ramesh/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvqU7xauCn+yozkarJWhV6WwYsjU4vhJOCq0URIaYJYcO/j98QmNfVGX+9d3KHdC9LwQ0FzRMtcaqot2G/Oa1OOjN04U13JKtfroZCWZahvDsU4CILT1i0p1OuMbLd/viFQ2LAim8kWU3qyvQ3EdfyoOQ3arpWPeF2TczFSZfRLNKGNZLN8n+OBHokB6tvv85u9a4tQBg3nCEotzdhH6eHl1UfHvsJk1WTH+jmtytKYfOzGq4wxGb0FZAs6qiB78vnXVW7f2xhllMJMA8S4p5E402Zn4aoc6ZfcYI4sdZ0ayg3wbXMU0K1upEEDDdHLWrLqfRcaG8ugWferQc+psz1Q== ramesh@rhel6-1 [root@rhel6-2 ~]#
Now you can login to the server rhel6-2 without providing the password from rhel6-1.
[ramesh@rhel6-1 ~]$ ssh rhel6-2 [ramesh@rhel6-2 ~]$
I hope this document helps you.