Password-less SSH Login
Generating Keys on Source Machine
On the source machine from which you want to initiate password-less ssh connections (admin), run ssh-keygen to generate a public and private key pair. The following is an example session showing the creation of a personal private/public key pair.
[chris@admin ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/chris/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/chris/.ssh/id_rsa. Your public key has been saved in /home/chris/.ssh/id_rsa.pub. The key fingerprint is: f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 chris@admin
The command ssh-keygen -t rsa
initiated the creation of the key pair. No passphrase was entered (Enter key was pressed instead). The private key was saved in .ssh/id_rsa
. This file is read-only and should be kept private, no one else must see the content of this file, as it is used to decrypt all correspondence encrypted with the public key .ssh/id_rsa.pub
.
Adding Public Key to Target Machines
The public key is save in .ssh/id_rsa.pub
. The contents of this file might look something like the following.
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArkwv9X8eTVK4F7pMlSt45pWoiakFkZMw G9BjydOJPGH0RFNAy1QqIWBGWv7vS5K2tr+EEO+F8WL2Y/jK4ZkUoQgoi+n7DWQVOHsR ijcS3LvtO+50Np4yjXYWJKh29JL6GHcp8o7+YKEyVUMB2CSDOP99eF9g5Q0d+1U2WVdB WQM= chris@admin
It is one line in length. To enable password-less ssh logins to a set of machines, slave01, slave02, and slave03, copy the .ssh/id_rsa.pub
file to all three machines and then concatenate it to the file ~/.ssh/authorized_keys
on each of the three machines. Make sure the file access permissions are correct on all the ssh files and directories. On the source machine (admin):
$ chmod 755 ~ $ chmod 700 ~/.ssh $ chmod 600 ~/.ssh/id_rsa
On the target machines (slave01, slave02, slave03):
$ chmod 755 ~ $ chmod 700 ~/.ssh $ chmod 400 ~/.ssh/authorized_keys