SSH is a client and serer protocol, it help us to access the remote system over the network through the encrypted tunnel. Whenever the client access the server, the client downloads the secure key from the server and at the same time-server also downloads key from client. Those two keys make the encrypted tunnel between the server and client, so that data transfers very securely over the network.
SSH is widely used as the alternative of FTP, as you know any thing that uses TCP network asks password to collect data. SSH is also a TCP service, it requires password to access the remote machine. If the organization has a large number of servers, every time admin has to enter the password to access the remote system. It is a pain to enter the password multiple times, SSH comes with new feature called password less login, that helps to access the remote machine without entering the password.
To enable the password less login, we have to put the public key entry of client host name and user detail on the remote server. That key entry will be on the following file (~/.ssh/authorized.keys) (~=Home directory of the user) according to your remote user.
Follow the steps to create the password less login. here we have two machines with two different username.
Machine 1 :
IP address: 192.168.12.6
Machine 2 :
IP address: 192.168.12.8
Here i will be using hostname instead of ipaddress, you can replace it with real ip address’s. I have logged in as raj on server.example.com, create a pair of keys using the following command.
[raj@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/raj/.ssh/id_rsa):
Created directory ‘/home/raj/.ssh’.
Enter passphrase (empty for no passphrase): Press Enter
Enter same passphrase again: Press Enter
Your identification has been saved in /home/raj/.ssh/id_rsa.
Your public key has been saved in /home/raj/.ssh/id_rsa.pub.
Once you have created, you will find two files inside the .ssh directory. id_rsa and id_rsa.pub. We are going to use id_rsa.pub as a base file.
[raj@server ~]$ ll ~/.ssh/ total 8 -rw-------. 1 raj raj 1675 Nov 25 10:43 id_rsa -rw-r--r--. 1 raj raj 404 Nov 25 10:43 id_rsa.pub
Use the ssh-copy-id command with input file of id_rsa.pub; it creates ~/.ssh/authorized.keys if not present, other wise it would appends the key. The key contains the information about the host and user name.
[raj@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub firstname.lastname@example.org
The authenticity of host ‘client.itzgeek.com (192.168.12.6)’ can’t be established.
ECDSA key fingerprint is a1:cb:88:60:46:16:fd:d3:93:31:4b:5f:94:5e:78:f8.
Are you sure you want to continue connecting (yes/no)? yes Type Yes and Enter
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
email@example.com’s password: Enter password of ram (client machine user)
Number of key(s) added: 1Now try logging into the machine, with: “ssh ‘firstname.lastname@example.org'”and check to make sure that only the key(s) you wanted were added.
Now access the remote machine using SSH. It will take you to the shell directly without asking password.
[raj@server ~]$ ssh email@example.com [ram@client ~]$
That’s All, This password less login saves the time and energy of the system admin.