SHIFT-WIKI

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


redhatsshkeygen

Red Hat SSH Public Key Generator

This is something I done before, SSH Login Without Password is a little howto on automatically login. However Red Hat offers a little utility which makes it even easier to set up automagic logons…

Using the Key Generator

By default, the key generator uses the RSA encryption method, we'll use this to make this easy.

Now, as the user you want to gain passwordless access with on the source host, issue the “ssh-keygen” command:

[root@kick ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c3:06:af:aa:64:ee:ec:1c:00:6a:79:7a:87:e3:f2:aa root@kick
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|.     .          |
|o .    +         |
|oo .    S        |
|..o .  o .       |
| .++ ..          |
| Bo.o.           |
|E+@+.            |
+-----------------+

Now copy it to the user on the server where connections will be initiated to:

[root@kick ~]# ssh-copy-id root@192.168.25.128
The authenticity of host '192.168.25.128 (192.168.25.128)' can't be established.
RSA key fingerprint is b5:23:1c:72:4b:8f:fc:f9:34:5d:60:3c:e5:b7:72:2e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.25.128' (RSA) to the list of known hosts.
root@192.168.25.128's password:
Now try logging into the machine, with "ssh 'root@192.168.25.128'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Now we can start a ssh session from root to the machine where the public key was copied to without a password:

[root@kick ~]# ssh 192.168.25.128
Last login: Mon Mar 17 13:18:02 2014 from 192.168.25.1
[root@localhost ~]#
Note that you can use this to issue just one command, for example “w”, which will show who is logged on and hat they are doing:
[root@kick ~]# ssh 192.168.25.128 w
 14:20:23 up  1:04,  2 users,  load average: 0.00, 0.03, 0.09
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.25.1     13:18    3:29   0.10s  0.01s ssh 192.168.25.
sjoerdho tty1     :0               14:02    1:04m  3.92s  0.29s pam: gdm-passwo
redhatsshkeygen.txt · Last modified: 2021/09/24 00:25 by 127.0.0.1