Setup ssh-rsalogin » Historie » Version 2
Jeremias Keihsler, 10.09.2020 14:38
| 1 | 1 | Jeremias Keihsler | h1. Setup ssh-rsa-login |
|---|---|---|---|
| 2 | |||
| 3 | h2. Requirements |
||
| 4 | |||
| 5 | To install ssh you will need the following: |
||
| 6 | * a installed and supported operating system (e.g. CentOS 8.x) |
||
| 7 | * root-access |
||
| 8 | * a fast internet connection |
||
| 9 | |||
| 10 | h2. Preliminary Note |
||
| 11 | |||
| 12 | You want to use Linux and OpenSSH to automize your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from a within a shell script. |
||
| 13 | This information was taken from *Mathias Kettner* @ http://linuxproblem.org/art_9.html |
||
| 14 | |||
| 15 | h2. Setup |
||
| 16 | |||
| 17 | First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase: |
||
| 18 | <pre><code class="bash"> |
||
| 19 | 2 | Jeremias Keihsler | a@A:~> ssh-keygen -t ed25519 |
| 20 | Generating public/private ed25519 key pair. |
||
| 21 | Enter file in which to save the key (/root/.ssh/id_ed25519): |
||
| 22 | Created directory '/root/.ssh'. |
||
| 23 | 1 | Jeremias Keihsler | Enter passphrase (empty for no passphrase): |
| 24 | Enter same passphrase again: |
||
| 25 | 2 | Jeremias Keihsler | Your identification has been saved in /root/.ssh/id_ed25519. |
| 26 | Your public key has been saved in /root/.ssh/id_ed25519.pub. |
||
| 27 | 1 | Jeremias Keihsler | The key fingerprint is: |
| 28 | 2 | Jeremias Keihsler | SHA256:cWzFIp9zUKCHz8tijMdZn7Nx07gS1nJKeSNnBP1vrFX a@A |
| 29 | The key's randomart image is: |
||
| 30 | +--[ED25519 256]--+ |
||
| 31 | | o=o | |
||
| 32 | | .+..o | |
||
| 33 | | E +o = | |
||
| 34 | | B+ | |
||
| 35 | | S O + .E| |
||
| 36 | | e + . .B X.+| |
||
| 37 | | . B +o Xo==| |
||
| 38 | | + o .-. ==| |
||
| 39 | | o++oo| |
||
| 40 | +----[SHA256]-----+ |
||
| 41 | 1 | Jeremias Keihsler | </code></pre> |
| 42 | |||
| 43 | Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine): |
||
| 44 | |||
| 45 | <pre><code class="bash"> |
||
| 46 | a@A:~> ssh b@B mkdir -p .ssh |
||
| 47 | b@B's password: |
||
| 48 | </code></pre> |
||
| 49 | |||
| 50 | Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time: |
||
| 51 | |||
| 52 | <pre><code class="bash"> |
||
| 53 | 2 | Jeremias Keihsler | a@A:~> cat .ssh/id_ed25519.pub | ssh b@B 'cat >> .ssh/authorized_keys' |
| 54 | 1 | Jeremias Keihsler | b@B's password: |
| 55 | </code></pre> |
||
| 56 | |||
| 57 | h2. Test |
||
| 58 | |||
| 59 | From now on you can log into B as b from A as a without password: |
||
| 60 | |||
| 61 | <pre><code class="bash"> |
||
| 62 | a@A:~> ssh b@B hostname |
||
| 63 | B |
||
| 64 | </code></pre> |
||
| 65 | |||
| 66 | h2. Troubleshooting |
||
| 67 | |||
| 68 | If for any reason this is not working it might be because of wrong permissions or SELinux-context |
||
| 69 | |||
| 70 | <pre><code class="bash"> |
||
| 71 | chmod 700 ~/.ssh |
||
| 72 | ll ~/.ssh |
||
| 73 | </code></pre> |
||
| 74 | needs permission-wise result in |
||
| 75 | <pre><code class="bash"> |
||
| 76 | drwx------. 2 root root 4096 Aug 3 11:04 . |
||
| 77 | dr-xr-x---. 6 root root 4096 Aug 3 11:23 .. |
||
| 78 | -rw-r--r--. 1 root root 410 Aug 3 11:04 authorized_keys |
||
| 79 | -rw-------. 1 root root 1671 Aug 3 09:05 id_rsa |
||
| 80 | -rw-r--r--. 1 root root 404 Aug 3 09:05 id_rsa.pub |
||
| 81 | </code></pre> |
||
| 82 | to restore SELinux-context perform |
||
| 83 | <pre><code class="bash"> |
||
| 84 | restorecon -R -v ~/.ssh |
||
| 85 | </code></pre> |