How to remotely access a server with ssh without a password and simultaneously limit ssh connections to individual machines.
If you're running your own server, for example to host a web server, it's essential to be able to log in to the shell remotely to carry out setup or administration tasks. This is usually done with an 'ssh' connection from your local machine using a username and password, which is not the most secure method. Sending passwords over the internet is bad, you may forget the password, and if someone in your team leaves you may have to spend time resetting all kinds of passwords.
Instead of using passwords we will use authentication keys. A private key will reside on our local machine and a sibling public key will be added to the list of possible authenticated logins.
The following steps will set up remote server access without passwords from a Mac to a Linux (CentOS) machine.
On your local machine:
Open /Applications/Utilities/Terminal
Run the following command:
ssh-keygen -t rsa -C "machine-name"
Output:
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/mattmapleston/.ssh/id_rsa):
At this point press enter to use the default path shown in brackets.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
For added security, add a passphrase for your keys. You will not see any characters or asterisks as you type.
Your identification has been saved in /Users/name/.ssh/id_rsa.
Your public key has been saved in /Users/name/.ssh/id_rsa.pub.
The key fingerprint is:
**:**:**:**:**:**:**:**:**:**:**:**:**:d5:30:c7 machine-name
The key's randomart image is:
+--[ RSA 2048]----+
| r = |
| g.= |
| @l. |
| $ .. |
| fE .S. o |
| + 4=. o . |
| *.o.. |
| o.o . |
| ew .; |
+---------------+
As mentioned in the output, we should now have two files: the private key (id_rsa) and the public key (id_rsa.pub). You can view both using the cat command. Run the following commands to view the public key, then copy it to your clipboard (everything from ssh-rsa to machine-name).
cd /Users/name/.ssh
cat id_rsa.pub
ssh-rsa AjGAwzoWZh4kTMuva4BzKIBoYqiq+iwpuaZ3xzIW/21s2hpMkoX72cKAAB3NzaC1yc2EAAAADAQABABAQDG+FcBlWnoO9+7BMKHyq6cdHZLSI17BO8k7M3P73cNjiGNATINFOUb/YydCZtcsCvtH0hn5Mh2BhYAFBJi8GSYiHHZE2Szvob12mPJaH5if0VgAAxEo9tPsrRK+rutiDSrG2+gEtduT94RslE6BMxmZhXUCoocPySuSYIR7yBtYbTi1dKcI8l9+ZtEJkWz1MA1ZHs5RwLu17jp6QyBG8jHwclFiOWe4gkLw8S7QG7UaIeB+jKXYplaTW5AxVegYOrnJWqjkpoSYeXi63oGk33hDjte2IJVfIYl machine-name
The next step is to add your new private key to your local machine's set of identities:
ssh-add ~/.ssh/id_rsa
Now we need to give our public key to our server. To do this we need to connect to the server over ssh using our password, although this may be the last time! Once connected, we add the public key (which should still be on our clipboard) to ~/.ssh/authorized_keys. Add the key on one line at the bottom and save it.
Finally we need to restart the server's ssh program, which on CentOS is done with the following command and output:
service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
That's all. When we ssh into our server in future, it will identify our machine using these authentication keys - no password required!
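The authorized_keys step above, as an added example that is not part of the original post: a shell function to run on the server that appends a public key as a single line, skips it if it is already there, and sets the file permissions sshd expects. The name install_pubkey, the accepted key-type list and the default ~/.ssh path are assumptions made for this example.

```shell
# Added example (not from the original post). install_pubkey is a hypothetical
# helper: install_pubkey "KEY LINE" [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    key=$1
    dir=${2:-"$HOME/.ssh"}
    file="$dir/authorized_keys"
    nl='
'
    # authorized_keys holds one key per line; a key wrapped across lines
    # by a bad paste will not match at login.
    case $key in
        *"$nl"*) echo "key spans more than one line" >&2; return 1 ;;
    esac
    # Accept only public key lines (assumed type list); this also rejects a
    # private key pasted by mistake.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an ssh public key line" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    [ -n "$blob" ] || { echo "missing key data" >&2; return 1; }

    # With StrictModes (the sshd default) keys are refused if ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Match on the base64 data so a changed comment does not add a duplicate.
    if grep -qF -- "$blob" "$file"; then
        echo "key already present in $file"
        return 0
    fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$key" >> "$file"
}
```

Call it with the copied public key in quotes, for example install_pubkey "$(cat id_rsa.pub)" when the .pub file has been copied to the server.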