Server Management

Linux and Windows server administration tutorials


How to create password less ssh connection for multiple non-root users

Wednesday, 11 Esfand 1395, 09:47 PM

I had done password less ssh authentication between multiple Linux boxes a couple of times, but this time I had to do the same for a normal user. I thought it would be the same, and actually it is the same, but there are still a few things we might miss out, and it also becomes a bit complicated and confusing, as it did for me, so I thought I should give some tips.

Question
You have to create a password less ssh connection between 3 Linux boxes for a non-root user, i.e. a normal user user1.

Pre-requisites
User user1 should exist on all 3 Linux boxes

Server details
server1.example
IP 192.168.1.6

server2.example
IP 192.168.1.11

server3.example
IP 192.168.1.12

Making password less connection from server1

On server 1
Login as user1
[user1@server1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
Enter same passphrase again: [Press ENTER for EMPTY password]
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
81:bf:d5:03:3f:a1:a4:81:27:b5:61:e4:e6:17:b9:a0 user1@server1.example
The key's randomart image is:
+--[ RSA 2048]----+
|       .=        |
|       * o .     |
|      + O = .    |
|       B * B .   |
|      E S = =    |
|         +   o   |
|        .        |
|                 |
|                 |
+-----------------+

With the above command we have created a public/private key pair of type RSA.


Now, to create a password less ssh connection, we need to copy id_rsa.pub to the remote servers, i.e. server2 and server3
[user1@server1 ~]$ ssh-copy-id user1@server2
The authenticity of host 'server2 (192.168.1.11)' can't be established.
RSA key fingerprint is de:75:8a:ff:26:1b:b5:82:61:36:9c:44:d2:57:3c:9e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2,192.168.1.11' (RSA) to the list of known hosts.
user1@server2's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server2'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[user1@server1 ~]$ ssh-copy-id user1@server3
The authenticity of host 'server3 (192.168.1.12)' can't be established.
RSA key fingerprint is 98:61:fb:91:8b:10:29:e1:b2:db:fd:52:6d:79:d7:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server3,192.168.1.12' (RSA) to the list of known hosts.
user1@server3's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server3'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
NOTE: Make sure the permission on authorized_keys is 600

Using the above steps we have successfully created a password less authentication from

server 1 ------> server 2
server 1 ------> server 3

Making password less connection from Server 2


On server 2
Login as user1
[user1@server2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
Enter same passphrase again: [Press ENTER for EMPTY password]
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
8f:0d:bc:8c:fc:d1:38:1a:b3:be:7a:8d:fc:8d:0d:1e user1@server2.example
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|       .         |
|        S        |
|     . o O       |
|     .=oE +      |
|      +B.O       |
|    .+=o= o      |
+-----------------+


Now, to create a password less ssh connection, we need to copy id_rsa.pub to the remote servers, i.e. server 1 and server 3
[user1@server2 ~]$ ssh-copy-id user1@server1
The authenticity of host 'server1 (192.168.1.6)' can't be established.
RSA key fingerprint is b8:36:c1:38:01:db:cc:89:b1:a9:b8:f7:f7:a8:17:ef.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server1,192.168.1.6' (RSA) to the list of known hosts.
user1@server1's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[user1@server2 ~]$ ssh-copy-id user1@server3
The authenticity of host 'server3 (192.168.1.12)' can't be established.
RSA key fingerprint is 98:61:fb:91:8b:10:29:e1:b2:db:fd:52:6d:79:d7:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server3,192.168.1.12' (RSA) to the list of known hosts.
user1@server3's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server3'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Using the above steps we have successfully created a password less authentication from

server 2 ------> server 1
server 2 ------> server 3


Making password less connection from Server 3

On server 3
Login as user1

[user1@server3 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
Enter same passphrase again: [Press ENTER for EMPTY password]
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
5b:99:c5:84:02:fd:ea:95:b7:51:2e:e3:28:f3:9d:9d user1@server3.example

Now, to create a password less ssh connection, we need to copy id_rsa.pub to the remote servers, i.e. server 1 and server 2
[user1@server3 ~]$ ssh-copy-id user1@server1
The authenticity of host 'server1 (192.168.1.6)' can't be established.
RSA key fingerprint is b8:36:c1:38:01:db:cc:89:b1:a9:b8:f7:f7:a8:17:ef.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server1,192.168.1.6' (RSA) to the list of known hosts.
user1@server1's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[user1@server3 ~]$ ssh-copy-id user1@server2
The authenticity of host 'server2 (192.168.1.11)' can't be established.
RSA key fingerprint is de:75:8a:ff:26:1b:b5:82:61:36:9c:44:d2:57:3c:9e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2,192.168.1.11' (RSA) to the list of known hosts.
user1@server2's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server2'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Using the above steps we have successfully created a password less authentication from
server 3 ------> server 1
server 3 ------> server 2


IMPORTANT NOTE:

To create password less ssh authentication between multiple Linux machines for normal users, make sure the following two permissions are set, or else the password less ssh authentication won't work:

Permission 600 on authorized_keys file and

Permission 700 on .ssh directory
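
The two checks this post calls out, the 700/600 modes above and ssh-copy-id's advice to look in authorized_keys for keys you weren't expecting, can be combined into one audit function. This is an added example, not part of the original post; the function names, the expected `.pub` file arguments and the sample keys are constructed for illustration. Keys are compared by type and key data rather than by comment, because the comment field can be edited freely.

```shell
# Added example: audit an account's ~/.ssh after the key exchange above.

# Print "type blob comment" per key line; skips blanks, comments and a
# leading options field (assumes options contain no embedded spaces).
key_lines() {
    awk '$1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i+1), $(i+2); break }
    }' "$@"
}

# Octal mode of a path: GNU stat first, BSD stat as fallback.
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null; }

# check_mode PATH WANT: report a finding when the mode differs.
check_mode() {
    [ "$(mode_of "$1")" = "$2" ] && return 0
    echo "MODE $1 is $(mode_of "$1"), want $2"
    return 1
}

# audit_ssh_dir SSH_DIR EXPECTED.pub...
# One finding per line on stdout; returns 0 only when there are none.
audit_ssh_dir() {
    dir=$1; shift
    [ $# -ge 1 ] || { echo "usage: audit_ssh_dir SSH_DIR EXPECTED.pub..."; return 2; }
    findings=0
    check_mode "$dir" 700 || findings=1
    check_mode "$dir/authorized_keys" 600 || findings=1
    expected=$(key_lines "$@" | awk '{ print $1, $2 }')
    while read -r type blob comment; do
        [ -n "$type" ] || continue
        printf '%s\n' "$expected" | grep -qxF -- "$type $blob" && continue
        echo "EXTRA $type ${comment:-(no comment)}"
        findings=1
    done <<EOF
$(key_lines "$dir/authorized_keys")
EOF
    return "$findings"
}

# Constructed demo: server1's user1 should trust only server2 and server3.
demo=$(mktemp -d); mkdir "$demo/.ssh"; chmod 700 "$demo/.ssh"
echo 'ssh-rsa AAAAconstructedKey2 user1@server2.example' > "$demo/s2.pub"
echo 'ssh-rsa AAAAconstructedKey3 user1@server3.example' > "$demo/s3.pub"
cat "$demo/s2.pub" "$demo/s3.pub" > "$demo/.ssh/authorized_keys"
echo 'ssh-rsa AAAAconstructedKeyX someone@elsewhere' >> "$demo/.ssh/authorized_keys"
chmod 644 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo/.ssh" "$demo/s2.pub" "$demo/s3.pub" || echo "review findings"
rm -rf "$demo"
```

On each of the three servers, pass the other two servers' id_rsa.pub files as the expected set.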
  • طاهر ضیائی
