{"id":505,"date":"2018-03-14T01:48:55","date_gmt":"2018-03-14T01:48:55","guid":{"rendered":"http:\/\/shijuvarghese.com\/?p=505"},"modified":"2024-02-04T07:06:54","modified_gmt":"2024-02-04T07:06:54","slug":"ssh-password-less-authentication","status":"publish","type":"post","link":"http:\/\/shijuvarghese.com\/?p=505","title":{"rendered":"SSH : Password-less authentication"},"content":{"rendered":"<p><span style=\"color: #0000ff;\"><em>Post updated on Jan 2024<\/em><\/span><\/p>\n<p><a href=\"http:\/\/shijuvarghese.com\/wp-content\/uploads\/2018\/03\/SSH_1.jpg\" rel=\"attachment wp-att-945\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-945\" src=\"http:\/\/shijuvarghese.com\/wp-content\/uploads\/2018\/03\/SSH_1.jpg\" alt=\"SSH_1\" width=\"371\" height=\"201\" srcset=\"http:\/\/shijuvarghese.com\/wp-content\/uploads\/2018\/03\/SSH_1.jpg 371w, http:\/\/shijuvarghese.com\/wp-content\/uploads\/2018\/03\/SSH_1-300x163.jpg 300w\" sizes=\"auto, (max-width: 371px) 100vw, 371px\" \/><\/a><\/p>\n<p>At times, for example if a server has a script that needs to copy a file to a client via SSH, it will be good if the server can SSH to the client without using the password. 
This is achieved by copying the content of the server&#8217;s SSH public key, available in &#8220;<strong>\/&lt;user&#8217;s home folder&gt;\/.ssh\/id_rsa.pub<\/strong>&#8221;, to the end of the authorized_keys file on the client, located at &#8220;<strong>\/&lt;user&#8217;s home folder&gt;\/.ssh\/authorized_keys<\/strong>&#8221;.<\/p>\n<ul>\n<li>First generate the key pair by running the following command on the server and accepting the default options.\n<ul>\n<li><em><strong>ssh-keygen<\/strong><\/em><\/li>\n<\/ul>\n<\/li>\n<li>On the server, change the permission on the newly created private key\n<ul>\n<li><strong>chmod 600 &lt;private key&gt;<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>On the server node, go to &#8220;<strong>\/&lt;user&#8217;s home folder&gt;\/.ssh\/<\/strong>&#8221; and type the command &#8220;<em><strong>ssh-copy-id user@&lt;client node IP&gt;<\/strong><\/em>&#8221;<\/li>\n<li>From the server, test the SSH connection to the client node and see if you can access the client without a password<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\"><strong><span style=\"text-decoration: underline;\">SSH Key with a non-default key name and\u00a0PassPhrase<\/span><\/strong><\/p>\n<p>At times one may like to create a set of keys with a non-default name, that is, something other than\u00a0<strong>&#8220;id_rsa&#8221;<\/strong>. 
The procedure is like this:<\/p>\n<ul>\n<li><strong>mahesh@miq_and_myob ~]$<\/strong> ssh-keygen -f ~\/.ssh\/mykey-with-pass\n<ul>\n<li>Enter passphrase as\u00a0<em>Redhat<\/em><\/li>\n<\/ul>\n<\/li>\n<li><strong>mahesh@miq_and_myob ~]$<\/strong> chmod 600 ~\/.ssh\/mykey-with-pass<\/li>\n<li><strong>mahesh@miq_and_myob ~]$<\/strong>\u00a0ssh-copy-id -i ~\/.ssh\/mykey-with-pass.pub root@192.168.154.132\n<ul>\n<li>Enter root password<\/li>\n<\/ul>\n<\/li>\n<li><strong>mahesh@miq_and_myob ~]$<\/strong> ssh -i ~\/.ssh\/mykey-with-pass root@192.168.154.132\n<ul>\n<li>Enter passphrase for key &#8216;\/home\/mahesh\/.ssh\/mykey-with-pass&#8217;:<em>Redhat<\/em><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\"><span style=\"text-decoration: underline;\"><strong>Caching ssh passphrase by KeyManager<\/strong><\/span><\/p>\n<p>As seen in the above example, it may be good to avoid repeatedly typing the passphrase\u00a0<strong>Redhat<\/strong> during a single putty session. If the ssh passphrase is cached somewhere, you will not be prompted to type the passphrase when executing the below command used in the above section&#8217;s example:<\/p>\n<ul>\n<li><strong>mahesh@miq_and_myob ~]$<\/strong> ssh -i ~\/.ssh\/mykey-with-pass root@192.168.154.132<\/li>\n<\/ul>\n<p>This is done by using the following commands:<\/p>\n<ul>\n<li><strong>mahesh@miq_and_myob ~]$\u00a0<\/strong>exec ssh-agent bash<\/li>\n<li><strong>mahesh@miq_and_myob ~]$\u00a0<\/strong>eval $(ssh-agent)<\/li>\n<li><strong>mahesh@miq_and_myob ~]$\u00a0<\/strong>ssh-add ~\/.ssh\/mykey-with-pass<\/li>\n<\/ul>\n<p>Please NOTE that the above is a temporary setting that will work only during one login session of user\u00a0mahesh. 
Once user <em>mahesh<\/em> exits putty and logs back in, the passphrase will be asked for as usual.<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\"><span style=\"text-decoration: underline;\"><strong>Configuring default private keys to be used for different hosts<\/strong><\/span><\/p>\n<p>Instead of using the &#8220;<strong>-i<\/strong>&#8221; option to select a particular key for connecting to a certain remote host, we can update a configuration file to ensure certain keys are used as defaults when connecting to certain remote hosts.<\/p>\n<ul>\n<li>Create the following file\n<ul>\n<li><strong>mahesh@miq_and_myob ~]$\u00a0<\/strong>vi ~\/.ssh\/config<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 90px;\"><em>Host 192.168.154.132<\/em><br \/>\n<em> HostName 192.168.154.132<\/em><br \/>\n<em> User root<\/em><br \/>\n<em> IdentityFile ~\/.ssh\/mykey-with-pass<\/em><\/p>\n<p style=\"padding-left: 90px;\"><em>Host 192.168.154.8<\/em><br \/>\n<em> HostName 192.168.154.8<\/em><br \/>\n<em> User root<\/em><br \/>\n<em> IdentityFile ~\/.ssh\/mykey-with-pass-for-new<\/em><\/p>\n<ul>\n<li>Change the permission\n<ul>\n<li><strong>mahesh@miq_and_myob ~]$\u00a0<\/strong>chmod 600\u00a0~\/.ssh\/config<\/li>\n<\/ul>\n<\/li>\n<li>Now try accessing the remote host. 
You will be prompted to type the passphrase since it was configured in the example we are using\n<ul>\n<li><strong>mahesh@miq_and_myob ~]$\u00a0<\/strong>ssh 192.168.154.132<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 90px;\"><em>Enter passphrase for key &#8216;\/home\/mahesh\/.ssh\/mykey-with-pass&#8217;:<strong>Redhat<\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>Post updated on Jan 2024 At times, for example if a server has a script that needs to copy a file to a client via <a class=\"mh-excerpt-more\" href=\"http:\/\/shijuvarghese.com\/?p=505\" title=\"SSH : Password-less authentication\">[&#8230;]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":266,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,30,10],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-rhel-9","category-ssh"],"_links":{"self":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=505"}],"version-history":[{"count":10,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/505\/revisions"}],"predecessor-version":[{"id":951,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/505\/revisions\/951"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/media\/266"}],"wp:attachment":[{"href":"
http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}