SSH supports both password and public key authentication for logging in to a target server. To achieve passwordless authentication, we have to configure the following PKI (Public Key Infrastructure) based authentication.
Source Server : oratest.localdomain
Source User : SSH_TESTING
Target Server : oratest2.localdomain
Target User : TEST
STEP 1: Log in to the source server and generate a private and public key pair using the ssh-keygen utility
[ssh_testing@oratest ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ssh_testing/.ssh/id_rsa):
Created directory '/home/ssh_testing/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ssh_testing/.ssh/id_rsa.
Your public key has been saved in /home/ssh_testing/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:f/OQsLKk2fPpY06UD5rsDADTqxsSqaaeGcpteyV0iQw ssh_testing@oratest.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| |
| E |
| o + . . |
| . o = o . |
|o + . S = |
|.. . o o = = . |
|ooo + * + * |
|=.=+ . O.+oo + |
|+=ooo o =*=. . |
+----[SHA256]-----+
NOTE: Press Enter when prompted for the file and for the passphrase (both times)
STEP 2: Validate that the .ssh directory and the required files were created on the source server
[ssh_testing@oratest ~]$ ls -lda .ssh/
drwx------. 2 ssh_testing ssh_testing 38 Feb 26 12:33 .ssh/
[ssh_testing@oratest ~]$ ls -ltr .ssh/
-rw-r--r--. 1 ssh_testing ssh_testing 413 Feb 26 12:33 id_rsa.pub
-rw-------. 1 ssh_testing ssh_testing 1679 Feb 26 12:33 id_rsa
NOTE: We must ensure that the private key (id_rsa) is readable only by its owner. Since the key was created without a passphrase, the file permissions are its only protection.
STEP 3: Copy the public key to the target server
The public key (id_rsa.pub) generated by the ssh-keygen utility must be copied into the authorized_keys file on the target server.
NOTE: Always use the ssh-copy-id utility to copy the public key, so that the copy does not end up with wrong file permissions or an incorrect file name. In addition, the main benefit of using ssh-copy-id is that it automatically creates the .ssh directory and the authorized_keys file on the target server.
[ssh_testing@oratest ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub test@oratest2.localdomain
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ssh_testing/.ssh/id_rsa.pub"
The authenticity of host 'oratest2.localdomain (192.168.10.12)' can't be established.
ECDSA key fingerprint is SHA256:q3MSop5lnmk9Rhx4xOtX+UhIHVSCZJYYHDGN60ECKvA.
ECDSA key fingerprint is MD5:d0:cc:6f:3d:32:08:54:29:95:30:9c:71:56:0b:e6:a0.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
test@oratest2.localdomain's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'test@oratest2.localdomain'"
and check to make sure that only the key(s) you wanted were added.
STEP 4: Validate on the target server that the .ssh directory and its corresponding file were created
[test@oratest2 ~]$ ls -ltra .ssh/
drwx------. 2 test test 29 Feb 26 12:46 .
-rw-------. 1 test test 413 Feb 26 12:46 authorized_keys
NOTE: A file named known_hosts will also be created on the source server; it contains the target server information
[ssh_testing@oratest .ssh]$ ls -ltr
-rw-r--r--. 1 ssh_testing ssh_testing 413 Feb 26 12:44 id_rsa.pub
-rw-r--r--. 1 ssh_testing ssh_testing 196 Feb 26 12:46 known_hosts
STEP 5: Validate the connection from the source server
[ssh_testing@oratest ~]$ ssh test@oratest2.localdomain
Last login: Mon Feb 26 12:46:24 2024
[test@oratest2 ~]$ whoami;hostname
test
oratest2.localdomain
STEP 6: If we have to set up passwordless authentication in both directions, then we have to perform the same steps on the target server too.
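The permission checks done by eye with ls in STEP 2 and STEP 4 can be scripted and run on both servers. The following is an added example, not part of the original post: audit_ssh_dir and mode_of are hypothetical helper names, and treating every file other than *.pub, known_hosts, authorized_keys and config as a private key is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the page): audit the
# permissions that key-based login depends on.

# Print the 10-character mode string from ls -ld, e.g. drwx------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 if DIR passes every check, 1 otherwise; one line per finding.
audit_ssh_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    # .ssh itself: no access for group or other (drwx------ in STEP 2).
    case $(mode_of "$dir") in
        d???------) echo "OK   $dir" ;;
        *) echo "FAIL $dir: group/other have access"; rc=1 ;;
    esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        case ${f##*/} in
            *.pub|known_hosts*|authorized_keys|config)
                # Non-secret files: readable is fine, but group/other
                # must not be able to write.
                pattern='?????-??-?' ;;
            *)
                # Assumption: any other file is a private key, owner only.
                pattern='????------' ;;
        esac
        case $m in
            $pattern) echo "OK   $f ($m)" ;;
            *) echo "FAIL $f ($m)"; rc=1 ;;
        esac
    done
    return $rc
}

# Audit the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it as the key owner with the directory as its argument, for example ~/.ssh on the source server after STEP 1 and on the target server after STEP 3; a non-zero exit status means at least one FAIL line was printed.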