For the past few years, I have been manually setting up the key trust between systems. Here are the steps I followed.
Suppose I need to login to localserver from remoteserver using account scripter without password.
1. generate public-private key pair on localserver
you can use either dsa or rsa.$ ssh-keygen -t dsa
2. copy scripter's public key to remoteserver
3. on remoteserver, append the public key copied in step 2 to ~scripter/.ssh/authorized_keys$ scp id_dsa.pub remoteserver:
if ~scripter/.ssh doesn't exist, manually create it$ cat id_dsa.pub >> ~scripter/.ssh/authorized_keys
4. on localserver the directory and files are auto-generated, so the permissions are correct, on remoteserver, as we manually created the directories, we need to make the permissions are correct.
$ chmod 700 ~scripter/.ssh$ chmod 600 ~scripter/.ssh/authorized_keys
After all these steps, we can login from localserver to remoteserver without entering password:
$ ssh remoteserver hostnameremoteserver
The steps are quite easy, but can it be easier?
Yes! recently I learned the script ssh-copy-id from a forum post, to set up key trust from localserver to remoteserver using ssh-keygen and ssh-copy-id
1. generate public-private key pair on localserver
2. copy the public key from localserver to remoteserver, and set up the key trust$ ssh-keygen -t dsa
After you entering the password, everything is set up for you, you can log in remotely without password$ ssh-copy-id -i ~scripter/.ssh/id_dsa.pub \
scripter@remoteserver
ssh-copy-id saves us all the troubles of creating files and setting up the proper permission :)$ ssh remoteserver hostnameremoteserver
No comments:
Post a Comment