networkingnoela

About networkingnoela

  • Rank
    Junior Member
  1. Hello, I found this procedure very interesting. Thus, I would like to share it with you.

     ssh Without Password in Few Simple Steps

     How to configure passwordless ssh & sftp access in Unix & Linux systems? Follow these simple steps with examples, with a basic troubleshooting section at the end. sftp uses the underlying ssh access for authentication, and after you establish passwordless ssh access you will have passwordless sftp access as well. This is a real-life example of configuring passwordless access for two users. The user ‘web’ in this case needs secure passwordless access to another user, james, on a server ‘devserver’.

     How to do ssh without password & sftp without password

     Follow the steps to configure secure passwordless access. To begin, let's check the current ssh & sftp connectivity status for [email protected] from localhost:

         [[email protected] ~]$ ssh [email protected]
         [email protected]'s password:
         [[email protected] ~]$ sftp [email protected]
         [email protected]'s password:

     As expected, it prompted for a password.

     1. Generate the public key private key pair

     Generate the public key private key pair for the local host as follows. Press enter for the default file names and no passphrase options. The command here generates RSA type keys. You can run the command ssh-keygen from any directory, but the id files will be generated in the .ssh dir of the user’s home directory.

         [[email protected] ~]$ ssh-keygen -t rsa
         Generating public/private rsa key pair.
         Enter file in which to save the key (/home/web/.ssh/id_rsa):
         Enter passphrase (empty for no passphrase):
         Enter same passphrase again:
         Your identification has been saved in /home/web/.ssh/id_rsa.
         Your public key has been saved in /home/web/.ssh/id_rsa.pub.
         The key fingerprint is:
         5e:30:d3:1a:00:c5:0b:29:96:ac:3e:42:20:dc:af:38 [email protected]

     2. Change directory to the .ssh directory of the user

     You will see two files starting with id_rsa. id_rsa is the private key and id_rsa.pub is the public key. Check the date and time stamp of these files to make sure these are the ones you generated recently.

         [[email protected] ~]$ cd /home/web/.ssh
         [[email protected] .ssh]$ ls -la
         total 32
         drwx------ 2 web web 4096 Dec 7 22:05 .
         drwx------ 34 web web 12288 Dec 7 22:04 ..
         -rw------- 1 web web 1675 Dec 7 22:05 id_rsa
         -rw-r--r-- 1 web web 407 Dec 7 22:05 id_rsa.pub
         -rw-r--r-- 1 web web 391 Dec 7 22:03 known_hosts

     Check the date to be sure of the currently generated files.

     3. Copy the rsa public key to the remote host

     Copy the public key file from the above example to .ssh of the user's home directory, and if the .ssh directory is not there, create it as in the example below. You need to enter the sftp/ssh password as passwordless access is not set up yet.

         [[email protected] .ssh]$ sftp [email protected]
         Connecting to devserver...
         [email protected]'s password:
         sftp> pwd
         Remote working directory: /home/james
         sftp> cd .ssh
         Couldn't canonicalise: No such file or directory
         sftp> mkdir .ssh
         sftp> cd .ssh
         sftp> put id_rsa.pub
         Uploading id_rsa.pub to /home/james/.ssh/id_rsa.pub
         id_rsa.pub 0% 0 0.0KB/s --:-- ETA
         id_rsa.pub 100% 407 0.4KB/s 00:00
         sftp>

     4. Log in to the remote host with password

     Once the file is copied over, log in to the remote host using ssh and password and go to the .ssh directory under the user's home directory.

         [[email protected] .ssh]$ ssh [email protected]
         [email protected]'s password:
         [[email protected] ~]$ cd .ssh
         [[email protected] .ssh]$ pwd
         /home/james/.ssh
         [[email protected] .ssh]$ ls -l
         total 4
         -rw-r--r-- 1 james james 407 Dec 7 22:06 id_rsa.pub

     5. Rename the public key file, id_rsa.pub, to authorized_keys

     Rename or append to the file corresponding to the ssh protocol version in your system. Use ssh -V to find out the ssh version.

       • SSH protocols 1.3 and 1.5 use the file name authorized_keys
       • SSH protocol 2.0 uses the file name authorized_keys2

     If the authorized_keys file already exists, then append the new keys to the existing file using cat id_rsa.pub >> authorized_keys. Don’t use vi or an editor to open, append and save these key files, as any extra character/newline would corrupt these files.

         [[email protected] .ssh]$ mv id_rsa.pub authorized_keys

     You can see the contents using the cat command:

         [[email protected] .ssh]$ cat authorized_keys
         ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArVWhE0L2FXNvmggZgqmGU LVrcE4X7WQr6scSuU5FCQUsXzYjyOL8FbUIIkBeLLMIrV7mYa+ xuszHcvnAho/42/e4r5by8LVMyh0AAo7nketemkO/2ZiUXZhww7tySxgcI5U5L5PDmTCyF7vxLlJ0rGb7Ky//DtpKrBui5P4gIrKBeiA2TlbEL9UrQZ8HgTU3iSGtfUXH0O 26iLSWi6Tf40hEazvvVYESHPSBjUPIMqUGabtz1kKMDQB5x C+F2MZ4lUCmgK2NexrhVWOrp7ODS1GlKsjSv6NSxOIVW0je V00ZW9Fvgz865g+fakBITqYP76ptPIVXEps+91ABRSwggQ== [email protected]

     6. Change the key file and directory permissions

     ssh is very sensitive to permissions, so you have to change the key file and directory permissions exactly as required for it to work.

     6a. Change authorized_keys to 600 permissions

         [[email protected] .ssh]$ chmod 600 authorized_keys
         [[email protected] .ssh]$ ls -ltr
         total 8
         -rw-r--r-- 1 james james 407 Dec 7 22:06 id_rsa.pub
         -rw------- 1 james james 407 Dec 7 22:08 authorized_keys
         [[email protected] .ssh]$ cd ..

     6b. Change .ssh directory to 700 permission

         [[email protected] ~]$ chmod 700 .ssh

     6c. Verify permissions and log out

         [[email protected] ~]$ logout
         Connection to localhost closed.

     7. Moment of truth: Try a ssh or sftp

         [[email protected] .ssh]$ ssh [email protected]
         Last login: Tue Dec 7 22:07:04 2010 from localhost.localdomain
         [[email protected] ~]$ pwd
         /home/james
         [[email protected] .ssh]$ sftp [email protected]
         sftp>

     8. Troubleshooting ssh/sftp access

     If you are still getting a password prompt, the most common problems can be:

       • Incorrect permission for the .ssh directory and the authorized_keys / authorized_keys2 file.
       • Corrupt key file; regenerate and copy again.
       • Space, character or line inserted or truncated during appending to an existing file. Don’t copy keys manually but do a cat new_keys >> authorized_keys. For new files, copy the file and rename; don’t manually copy-paste the contents.
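The permission settings from step 6 and the damaged-key cases from the troubleshooting list can be checked mechanically. The script below is an added example, not part of the original post: it compares the modes of the remote .ssh directory and authorized_keys against the values the post requires and decodes every key entry to confirm it is complete. It assumes GNU coreutils (base64 -d), and the function names mode_of, blob_ok and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): audit the remote ~/.ssh after steps 5-6.
# Assumes GNU coreutils; mode_of, blob_ok and audit_ssh_dir are made-up names.

mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }   # e.g. "drwx------"

# True only if base64 blob $2 decodes to a complete SSH public key of type $1:
# a run of length-prefixed fields with nothing missing and nothing left over.
blob_ok() {
    case $2 in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    printf '%s' "$2" | base64 -d 2>/dev/null | od -An -v -tu1 |
    awk -v want="$1" '
        { for (i = 1; i <= NF; i++) b[n++] = $i + 0 }
        END {
            pos = 0; fields = 0; name = ""
            while (pos + 4 <= n) {
                len = ((b[pos] * 256 + b[pos+1]) * 256 + b[pos+2]) * 256 + b[pos+3]
                pos += 4
                if (fields == 0)
                    for (j = 0; j < len && pos + j < n; j++)
                        name = name sprintf("%c", b[pos+j])
                pos += len; fields++
            }
            exit !(fields >= 2 && pos == n && name == want)
        }'
}

# Prints one line per problem; the return status is the number of problems.
audit_ssh_dir() {
    dir=$1; keys=$dir/authorized_keys; problems=0; lineno=0
    [ "$(mode_of "$dir")" = "drwx------" ] ||
        { echo "$dir: expected drwx------ (chmod 700)"; problems=$((problems + 1)); }
    [ -f "$keys" ] || { echo "$keys: missing"; return $((problems + 1)); }
    [ "$(mode_of "$keys")" = "-rw-------" ] ||
        { echo "$keys: expected -rw------- (chmod 600)"; problems=$((problems + 1)); }
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in ''|'#'*) continue ;; esac
        set -f; set -- $line; set +f          # split the entry into fields
        while [ $# -gt 1 ]; do                # skip a leading options field
            case $1 in ssh-*|ecdsa-sha2-*) break ;; esac
            shift
        done
        if [ $# -lt 2 ] || ! blob_ok "$1" "$2"; then
            echo "$keys:$lineno: damaged or incomplete key entry"
            problems=$((problems + 1))
        fi
    done < "$keys"
    return "$problems"
}
```

After sourcing the file on the remote host, `audit_ssh_dir /home/james/.ssh` (the post's example path) prints nothing and returns 0 when the directory, the file and every key entry pass.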
  2. I can't pm. Can you pm me with voucher's validity date information?
  3. I have JN0-660. But now I cannot send personal messages. I cannot answer your queries via personal messages. So if you want to have the details please include your email address or Skype ID when contacting me via PM.
  4. Dear all, I received your PM but I can't answer. Please send me your email id so that I can share the details with you.
  5. 2 vouchers, validity end of December 2016. If interested, pm me with your email address and I will send you the details.
  6. Hello, I cannot send PM. I have 2 100% discount vouchers. Contact me.
  7. I have two Juniper exam vouchers valid until the end of the year. If interested, pm me with your email address.
  8. Please send me a personal message with your email because I don't know how to do so. I will contact you.
  9. Please give me the link for gns3 alpha 7