SSH Without a Password


Using the steps below, you can connect to a server from a client over ssh without being asked for a password.

  • The machine that runs the ssh command is the client
  • The machine that the client accesses over ssh is the server

1. Run the following command on the client
    * -> ssh-keygen -t dsa
2. The files id_dsa and id_dsa.pub will be created in the $HOME/.ssh directory
3. Copy the id_dsa.pub file to the .ssh directory on the server
    * -> scp $HOME/.ssh/id_dsa.pub user@server:/home/user/.ssh
4. On the server, change to the /home/user/.ssh directory and append id_dsa.pub to the authorized_keys file
    * -> cd /home/user/.ssh
    * -> cat id_dsa.pub >> authorized_keys
5. You can now ssh to the server from the client and no password will be needed
    * -> ssh user@server

An alternative to the steps above is to use the ssh-copy-id command. The steps are:
1. Run the following command on the client
    * -> ssh-keygen -t dsa
2. The files id_dsa and id_dsa.pub will be created in the $HOME/.ssh directory
3. Copy the id_dsa.pub file to the .ssh directory on the server
    * -> ssh-copy-id -i ~/.ssh/id_dsa.pub user@server
4. You can now ssh to the server from the client without a password


=======================================================================

SSH Without a Password

The following steps can be used to ssh from one system to another without specifying a password.
Notes:

    * The system from which the ssh session is started via the ssh command is the client.
    * The system that the ssh session connects to is the server.
    * These steps seem to work on systems running OpenSSH.
    * The steps assume that a DSA key is being used. To use an RSA key substitute 'rsa' for 'dsa'.
    * The steps assume that you are using a Bourne-like shell (sh, ksh or bash)
    * Some of this information came from:
      http://www.der-keiler.de/Mailing-Lists/securityfocus/Secure_Shell/2002-12/0083.html

Steps:

   1. On the client run the following commands:

      $ mkdir -p $HOME/.ssh
      $ chmod 0700 $HOME/.ssh
      $ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''

      This should result in two files, $HOME/.ssh/id_dsa (private key) and $HOME/.ssh/id_dsa.pub (public key).
   2. Copy $HOME/.ssh/id_dsa.pub to the server.
   3. On the server run the following commands:

      $ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2
      $ chmod 0600 $HOME/.ssh/authorized_keys2

      Depending on the version of OpenSSH the following commands may also be required:

      $ cat id_dsa.pub >> $HOME/.ssh/authorized_keys
      $ chmod 0600 $HOME/.ssh/authorized_keys

      An alternative is to create a link from authorized_keys2 to authorized_keys:

      $ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys

   4. On the client test the results by ssh'ing to the server:

      $ ssh -i $HOME/.ssh/id_dsa server

   5. (Optional) Add the following $HOME/.ssh/config on the client:

      Host server
               IdentityFile ~/.ssh/id_dsa

      This allows ssh access to the server without having to specify the path to the id_dsa file as an argument to 
      ssh each time.
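
The server-side part of step 3, as an added example (not code from the original page): a hypothetical helper, install_pubkey, that appends a public key to authorized_keys only once, creates the directory and file with owner-only permissions, and refuses a file that looks like a private key. The function name, argument order and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: append one public key to authorized_keys, idempotently.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }

    # A private key file carries a PEM header; it must never be published.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    if [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "expected exactly one key line in $pub" >&2
        return 3
    fi
    key=$(grep . "$pub")
    case $key in
        # ssh-dss is listed because this page uses DSA keys; OpenSSH has
        # disabled them by default since 7.0.
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type in $pub" >&2; return 3 ;;
    esac

    # Create the directory and file owner-only before anything is written.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 4
    chmod 700 "$dir" && chmod 600 "$auth" || return 4

    # Whole-line fixed-string match: a second run adds nothing.
    if ! grep -qxF -e "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```

Run it on the server after copying the .pub file there, for example: install_pubkey id_dsa.pub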

=================================================================================

SSH without password

ssh is a secure clone of rsh with RSA encryption based authentication. This micro HOWTO tells you how to use ssh without 
having to type in your password every time you use ssh. I had to RTFM, and I hope this will be googled for others to use.

0. The basis of using ssh without typing your password is public key based authentication. You need to generate a pair
of public/private keys for this. We shall stick to version 2 of ssh.

1. Firstly, generate your public/private keys using ssh-keygen

% ssh-keygen -t rsa

You must use the -t option to specify that you are producing keys for SSHv2 using RSA. This will generate your id_rsa 
and id_rsa.pub in the .ssh directory in your home directory. I strongly suggest using a passphrase.

2. Now copy the id_rsa.pub to the .ssh directory of the remote host you want to log on to, as authorized_keys2.

[Note: If you have more than one host from which you want to connect to the remote host, you need to add the local host's 
id_rsa.pub as one line in the authorized_keys2 file of the remote host, i.e., you can have more than one entry. 
Thanks to Jinn Koriech for pointing this out. Also, you need to 'chmod 644 authorized_keys2' to make it unwritable to 
everybody apart from the user. Thanks to Matthew Lohbihler for this info. Andy Pieters writes it is best to have .ssh 
and associated directories on the server machine to have at most 0600 permissions. ]

You are basically telling the sshd daemon on the remote machine to encrypt the connection with this public key and that 
this key is authorized for version 2 of the ssh protocol. Try using something secure like scp for this copying.

% scp ~foo/.ssh/id_rsa.pub foo@bar.cs.umd.edu:~foo/.ssh/authorized_keys2

3. Your public key based authentication has been setup. You won't be asked your password on the remote machine.
However, you need a program that manages your keys for you called an agent. You need to start the agent, tell it your 
passphrase, and hook up to the agent whenever you need to connect to the remote machine.

4. We shall assume the following situation: you log on to a console and then run startx, as in, say, an out-of-the-box Linux 
installation. You should figure out what exactly has to be done for your specific machine's X initialization. 
All the following steps are to be done on your local machine, in this case localmachine.cs.umd.edu.

5. Fire up your favourite editor, and pull up your .profile file. Add the following line to the file:

alias startx='ssh-agent startx'

This means that every child of startx (i.e. anything under X) would be able to hookup to the agent.

6. Edit your .xinitrc file by adding the following lines:

# Export both variables so that ssh-add, a child process, can see them
export DISPLAY="localmachine.cs.umd.edu:0"
export SSH_ASKPASS="/usr/libexec/openssh/x11-ssh-askpass"
ssh-add < /dev/null

# Change this to whatever window manager you use under X
# or leave whatever was there unchanged.
startkde

.xinitrc is the init file for X. Because ssh-add has no controlling terminal here, it needs to be told to 
read input from an external source. When you redirect its input from /dev/null, it pops up the dialog-box program 
specified by $SSH_ASKPASS, which asks you for your passphrase. The x11-ssh-askpass that comes with your openssh 
installation is that dialog-box program. DISPLAY is usually set automatically, but it is set here just in case.

A hint from Oliver Meili: If a graphical login manager like XDM, KDM, or GDM is used, ~/.xsession is started which, 
in turn, runs ~/.xinitrc. You can add the ssh-agent to the line starting ~/.xinitrc in the ~/.xsession file like this:
ssh-agent ~/.xinitrc and the ~/.xinitrc file has everything else the same as before.

If you had to create .xinitrc, then you must add something after the ssh-add statement to start the 
window-manager/desktop/whatever. Otherwise, X will simply terminate after asking for the password. If you don't know 
how to set this up, you might want to dig in your /etc/X11/init.d files for the appropriate init sequences.

7. Now when you startx, a dialog box should pop up and ask you for your passphrase. You are all set. Open up an xterm,
and say

% ssh bar.cs.umd.edu

Voila! You'll be logged in without typing in your password. You'll have to re-enter your passphrase every time you 
start X. The passphrase can be side-stepped by giving the empty string, but I'd rather you didn't.

8. As a fringe benefit, you can execute any GUI based programs on the remote machine for free provided X forwarding 
has been enabled; no setting up $DISPLAY, no need for xhost +, etc. Cool, eh?

NB: No promises if this will work for you. I am not responsible if you screw up your workspace environment and/or your 
machine. 

============================================================================================

SSH login without password
Your aim

You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a 
to Host B / user b. You don't want to enter any passwords, because you want to call ssh from within a shell script.

How to do it

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa): 
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

a@A:~> ssh b@B mkdir -p .ssh
b@B's password: 

Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:

a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password: 

From now on you can log into B as b from A as a without password:

a@A:~> ssh b@B hostname
B

A note from one of our readers: Depending on your version of SSH you might also have to do the following changes:

    * Put the public key in .ssh/authorized_keys2
    * Change the permissions of .ssh to 700
    * Change the permissions of .ssh/authorized_keys2 to 640
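
The notes on this page give several different modes for the key files (600, 640, 644). What OpenSSH enforces by default is narrower: sshd with StrictModes ignores authorized_keys when the file, ~/.ssh or the home directory is writable by group or others, and the ssh client refuses a private key that group or others can access. An added example (not from the original page) that checks a home directory for both conditions; the function name check_ssh_perms and its output format are assumptions of this example, and file ownership, which sshd also checks, is not covered.

```shell
#!/bin/sh
# Added example: flag permissions that make sshd (StrictModes) ignore
# authorized_keys or make the ssh client refuse a private key.
# Usage: check_ssh_perms HOME_DIR -> one line per finding; returns 1 if any.
check_ssh_perms() {
    home=$1
    findings=0

    # sshd rejects the key file when it, ~/.ssh or the home directory is
    # writable by group or others. -L follows an authorized_keys symlink.
    for p in "$home" "$home/.ssh" \
             "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        [ -e "$p" ] || continue
        mode=$(ls -ldL "$p" | cut -c1-10)
        case $mode in
            ?????w????|????????w?)
                echo "writable-by-others $mode $p"
                findings=1 ;;
        esac
    done

    # The ssh client refuses a private key that group or others can access.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        mode=$(ls -ldL "$k" | cut -c1-10)
        case $mode in
            ????------) ;;
            *)  echo "private-key-exposed $mode $k"
                findings=1 ;;
        esac
    done

    [ "$findings" -eq 0 ]
}
```

Modes 600, 640 and 644 on authorized_keys all pass this check; 664 or 666 do not.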
