Automating ssh logins with an RSA key



Last Modified: Sep 15, 2013, 11:32 pm

Say you frequently need to log in from box A to box B with ssh.
If you don't want to type in a password every time, you can set up an RSA key.
This can also be used with rsync or scp to automate the transferring of files.

The trick with RSA keys is that only box A knows how to encrypt the data. Box B will have the public decoding key, so even if the decoding key is stolen, the thieves will not be able to log in to B because they don't know how to encode the data (this is a very rough analogy; OpenSSL does that on a different level, but it's close enough for this description). The main concept is that the "password" only exists on A, and B (where we're connecting to) has no idea what it is, nor needs to know. This is why keys are secure. The traditional method of passwords requires the password to be set on B, and if it is lost, anyone can log in from anywhere. Since the private encoding key never leaves your server, it makes things much safer.


1) First login to box A with ssh.  Box A is where we're going to be connecting from.


2) Next, cd to your home directory, and ensure there is an .ssh folder:

cd
mkdir -p .ssh
cd .ssh



3) Create the public (id_rsa.pub) and private (id_rsa) keys:

ssh-keygen -t rsa

Press enter 3 times to use the default values and to skip the passphrase. If you specify a passphrase, then a password would be required any time the encoding key is used, which somewhat defeats the purpose for this particular application.


4) We now have 2 files on box A: id_rsa and id_rsa.pub. Insert the contents of id_rsa.pub into box B's file ~/.ssh/authorized_keys.
If box B already has an ~/.ssh directory and there are no other entries in the authorized_keys, you could use this to copy it over:

scp -C ~/.ssh/id_rsa.pub root@1.2.3.4:~/.ssh/authorized_keys

where you'd adjust root@1.2.3.4 to use the User and IP you're intending to use. If authorized_keys has other entries, then just copy/paste the contents of the id_rsa.pub to the next line of the authorized_keys file on B. Note that the entire id_rsa.pub is only 1 line. If you end up with 2 or 3 lines with your paste, you've done something wrong. Each remote box only uses 1 line in the authorized_keys.

5) For safety, chmod your id_rsa to 600, to ensure it's kept secret:

chmod 600 id_rsa



6) Test it out to see if it works:

ssh root@1.2.3.4

which should log you into B, from A, without any password.
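
The step that places id_rsa.pub into authorized_keys on box B can be scripted so that it appends rather than overwrites and refuses a paste that is not exactly one line. This is an added example, not part of the original helpfile; the function name install_pubkey and its two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original helpfile).
# Usage on box B:  install_pubkey /path/to/id_rsa.pub "$HOME/.ssh"
# install_pubkey is a hypothetical helper name.
install_pubkey() {
    pub=$1                      # copy of box A's id_rsa.pub
    dir=$2                      # target .ssh directory on box B
    auth="$dir/authorized_keys"

    # A public key is exactly one non-empty line. More than one means a
    # broken paste (or the multi-line private key was supplied by mistake).
    lines=$(grep -c . "$pub") || lines=0
    if [ "$lines" -ne 1 ]; then
        echo "refusing: $pub has $lines non-empty lines, expected 1" >&2
        return 1
    fi
    key=$(grep . "$pub")

    # The line must look like "ssh-rsa <base64> [comment]".
    case $key in
        ssh-rsa\ AAAA*) ;;
        *) echo "refusing: not an ssh-rsa public key line" >&2; return 1 ;;
    esac

    # sshd's StrictModes check refuses keys if these are writable by others.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # If this exact line is already present, do nothing, so reruns are safe.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Unlike the scp command in step 4, this leaves existing entries in authorized_keys untouched.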





Quick reference list of files used:

~/.ssh/authorized_keys  -  Exists on B. Contains one or more id_rsa.pub lines for one or more incoming servers.
~/.ssh/id_rsa           -  Private encoding key on box A.  Don't give this out.
~/.ssh/id_rsa.pub       -  Public decoding key.  It starts on A, but place its contents onto a new line in the ~/.ssh/authorized_keys on box B.


 

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST