Secure Shell (SSH) is the secure way to access servers. Before SSH, Telnet was the usual tool for remote login, but its disadvantage lies in how it transfers data across the network.
Telnet sends data across the network without any encryption; everything is transferred in plain text. The risk is that anyone who captures the packets on the network can clearly read whatever was transferred, including passwords.
To eliminate this risk, use SSH for login, which encrypts all data transferred over the network.
Another advantage of SSH is public key authentication, which allows login without entering a password. This post shows how to set up key authentication between two servers. (This works because ssh tries key authentication first; if no key is set up, the private key is missing, or the public key does not match the private key, ssh prompts for the password.)
We start with two servers, solaris1 and solaris2, both with the sshd daemon/service active. (In this post we set up login from solaris1 to solaris2.)
First, each server needs two keys: a public key and a private key. These can be generated with ssh-keygen, the key generation command built into ssh.
solaris2# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_dsa.
Your public key has been saved in //.ssh/id_dsa.pub.
The key fingerprint is:
c2:3e:db:15:cf:f5:b4:fa:88:03:50:95:a1:c5:34:df root@solaris2
-t : specifies the algorithm used for key generation (possible values are dsa or rsa).
ssh-keygen prompts for the file name and location of the key; we can specify one, or accept the default in the $HOME/.ssh/ directory. It then asks for a passphrase (for a passwordless login, enter an empty passphrase; here we leave it empty so that ssh won't prompt for a passphrase at login).
Once the passphrase is confirmed, a public key is created in the same location as the private key, named privatekeyname.pub (here, id_dsa.pub).
root@solaris2>cd /.ssh
root@solaris2>ls
id_dsa id_dsa.pub known_hosts
root@solaris2>cat id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAMh9QAZfSlQIPMIl9iMHFWM0UzLoSs24DtojCqKZj8WVhoy6TfpuausJ06WzAfvq2RD2tnd69iYSx/AUbxZGpZIp3buMN0ybTBbqo4YiyG8h8YHMuSvxQ+ryGpmD+VhLpgJKhZKdKcO0VerH4s0m8nUn2lwstobtFuIa2ks6u/ZXAAAAFQDhCS445aGzUj9QmqQjOap/F5KzmQAAAIByAYIKYWyy1ioy8s+zmIAmSEGRyR2jA2CqBMgU5j2sGqWQV0ZCRANLQ1hBFLHOSzPJVHlB0XYACSqUVRw6fXW+6ROirjraSN143pgZNltWU8UJnFZPBv246UiY0/OcVCBoDqIqz2HsfBP0MtoA0VV21qVcMQWsSUPJpK8GUVLb7QAAAIBwYsfVNtBTat8CRKFqloPEQQ6BlDvtRGF2t+pCYEC9YbFKYE63z998q1pu2eDmvbiWTJ3+ZTMQ8CDp77DY3KLaXAgzEbh9pGaQdFORZCli2E2x7E3S9Z68SJBzP4JtM5ADTJiNVbT+iji45dEIvkFeox8u1fPSYAyXYdJ4L9uy7g== root@solaris1
Copy the content of this id_dsa.pub key.
This id_dsa.pub is the key that needs to be distributed across the servers from where we need a passwordless login.
To distribute the public key, create a file named authorized_keys2 on all of those servers, paste the copied content of id_dsa.pub into it, and save the file.
root@solaris1>cat authorized_keys2
ssh-dss AAAAB3NzaC1kc3MAAACBAMh9QAZfSlQIPMIl9iMHFWM0UzLoSs24DtojCqKZj8WVhoy6TfpuausJ06WzAfvq2RD2tnd69iYSx/AUbxZGpZIp3buMN0ybTBbqo4YiyG8h8YHMuSvxQ+ryGpmD+VhLpgJKhZKdKcO0VerH4s0m8nUn2lwstobtFuIa2ks6u/ZXAAAAFQDhCS445aGzUj9QmqQjOap/F5KzmQAAAIByAYIKYWyy1ioy8s+zmIAmSEGRyR2jA2CqBMgU5j2sGqWQV0ZCRANLQ1hBFLHOSzPJVHlB0XYACSqUVRw6fXW+6ROirjraSN143pgZNltWU8UJnFZPBv246UiY0/OcVCBoDqIqz2HsfBP0MtoA0VV21qVcMQWsSUPJpK8GUVLb7QAAAIBwYsfVNtBTat8CRKFqloPEQQ6BlDvtRGF2t+pCYEC9YbFKYE63z998q1pu2eDmvbiWTJ3+ZTMQ8CDp77DY3KLaXAgzEbh9pGaQdFORZCli2E2x7E3S9Z68SJBzP4JtM5ADTJiNVbT+iji45dEIvkFeox8u1fPSYAyXYdJ4L9uy7g== root@solaris2
Now try to log in to the server with the user ID for which the ssh keys were set up (here, the root user).
root@solaris1>ssh root@solaris2
Last login: Mon Jan 10 00:21:19 2011 from solaris1
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
root@solaris2>
No password is requested during login.
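The distribution step above, as an added shell example that is not from the original post: install_pubkey is a hypothetical helper that validates a one-line public key, appends it to the authorized_keys2 file only once, and sets the directory and file modes that sshd's StrictModes check expects. It assumes a POSIX sh and grep, and the key line in the demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example: install_pubkey is a hypothetical helper, not part of ssh.
# usage: install_pubkey <pubkey-file> <home-dir> [authorized-keys-file-name]
install_pubkey() {
    pub=$1
    dir=$2/.ssh
    auth=$dir/${3:-authorized_keys2}    # file name used in this post

    # A public key file holds one line: "<type> <base64-blob> [comment]".
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; return 1; }
    read -r type blob comment < "$pub" || true   # tolerate a missing final newline

    case $type in
        ssh-dss|ssh-rsa) ;;             # what "ssh-keygen -t dsa|rsa" produces
        *) echo "$pub: unexpected key type '$type'" >&2; return 1 ;;
    esac
    # Catches a truncated or mangled paste: the blob must be pure base64.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "$pub: malformed key blob" >&2; return 1 ;;
    esac

    # With StrictModes on, sshd rejects the key file if these are group/world writable.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: match on type and blob, so a changed comment adds no duplicate.
    if grep -F -q -- "$type $blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    printf '%s\n' "$type $blob${comment:+ $comment}" >> "$auth"
    echo "installed $type key into $auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAExampleOnly== demo@example' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/home"
install_pubkey "$demo/id_dsa.pub" "$demo/home"    # second run adds nothing
ls -l "$demo/home/.ssh"
rm -rf "$demo"
```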
Sunday, January 9, 2011