Setting up passwordless SSH



The steps below are carried out on both SERVER1 and SERVER2. Where the commands differ between the two servers, each server's version is shown.

On both servers, check /etc/ssh/sshd_config for

PubkeyAuthentication yes

If it's not set add it to bottom of file and do a:

# svcadm restart ssh

On both servers, check home directory for .ssh

If it is not there do a mkdir .ssh

If it is there verify that it contains:

-rw-r--r-- 1 jcore 399 Jun 21 08:59 authorized_keys
-rw-r--r-- 1 jcore 399 Jun 21 08:59 authorized_keys2
-rw------- 1 jcore 887 Jun 21 09:00 id_rsa
-rw-r--r-- 1 jcore 231 Jun 21 09:00 id_rsa.pub

If ~/.ssh/ does not contain the 4 files do the following:

# ssh-keygen -t rsa

Hit return for all questions, DO NOT SET A PASSPHRASE

Copy ~/.ssh/id_rsa.pub to the other server

On SERVER1:

scp ~/.ssh/id_rsa.pub ${LOGIN}@${SERVER2}:${SERVER1}.id_rsa.pub

On SERVER2:

scp ~/.ssh/id_rsa.pub ${LOGIN}@${SERVER1}:${SERVER2}.id_rsa.pub

Now on each server:

On SERVER1:

# cat ${SERVER2}.id_rsa.pub >> ~/.ssh/authorized_keys

# cat ${SERVER2}.id_rsa.pub >> ~/.ssh/authorized_keys2

# rm -f ${SERVER2}.id_rsa.pub

On SERVER2:

# cat ${SERVER1}.id_rsa.pub >> ~/.ssh/authorized_keys

# cat ${SERVER1}.id_rsa.pub >> ~/.ssh/authorized_keys2

# rm -f ${SERVER1}.id_rsa.pub

Test:

ssh SERVER2

 

Or Script it!

From SERVER1

# LOGIN and SERVER2 must be set before running this
# Generate the key pair (hit return for all questions)
ssh-keygen -t rsa
echo "now doing copies to ${SERVER2} - you will need the password"
# Push our public key to SERVER2 and append it to the authorized keys there
scp ~/.ssh/id_rsa.pub ${LOGIN}@${SERVER2}:id_rsa.pub
ssh ${LOGIN}@${SERVER2} 'if [ ! -d .ssh ]; then mkdir .ssh; fi'
ssh ${LOGIN}@${SERVER2} 'cat id_rsa.pub >> .ssh/authorized_keys'
ssh ${LOGIN}@${SERVER2} 'cat id_rsa.pub >> .ssh/authorized_keys2; rm id_rsa.pub'
# Fetch SERVER2's public key and append it to our own authorized keys
scp ${LOGIN}@${SERVER2}:.ssh/id_rsa.pub remote.id_rsa.pub
cat remote.id_rsa.pub >> ~/.ssh/authorized_keys
cat remote.id_rsa.pub >> ~/.ssh/authorized_keys2
rm -f remote.id_rsa.pub
# Add the setting and restart sshd if sshd_config does not mention it
grep "PubkeyAuthentication" /etc/ssh/sshd_config
if [ $? -ne 0 ]
then
    echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
    svcadm restart ssh
fi
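
The grep test in the script above is satisfied by any line containing the keyword, including a commented-out one or a "PubkeyAuthentication no". The following is an added example, not part of the original page, that reports the effective setting and checks the .ssh permissions instead. It assumes OpenSSH rules (first uncommented occurrence of a keyword wins, StrictModes enabled); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes OpenSSH semantics.

# Print the value sshd will use for PubkeyAuthentication in config file $1:
# the first uncommented occurrence wins and keywords are case-insensitive.
# Prints "unset" when the keyword never appears.
effective_pubkey_auth() {
    awk 'tolower($1) == "pubkeyauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Characters 5-10 of the `ls -ld` mode string are the group and other bits.
group_other_bits() { ls -ld "$1" | cut -c5-10; }

# Check the .ssh directory $1. Prints one line per problem, returns 1 if any.
audit_ssh_dir() {
    dir=$1; rc=0
    for f in "$dir" "$dir/authorized_keys" "$dir/id_rsa" "$dir/id_rsa.pub"; do
        if [ ! -e "$f" ]; then echo "missing: $f"; rc=1; continue; fi
        bits=$(group_other_bits "$f")
        case "$f" in
            */id_rsa.pub) ;;   # public key: only needs to exist
            */id_rsa)          # ssh ignores a private key with any group/other bits
                [ "$bits" = "------" ] || { echo "private key too open: $f"; rc=1; } ;;
            *)                 # StrictModes rejects a group/world-writable dir or file
                case "$bits" in
                    ?w????|????w?) echo "writable by group/other: $f"; rc=1 ;;
                esac ;;
        esac
    done
    return $rc
}

# Constructed sample: a commented-out line must not count as a setting.
demo() {
    t=$(mktemp -d) || return 1
    printf '#PubkeyAuthentication yes\nPort 22\nPubkeyAuthentication no\n' > "$t/sshd_config"
    mkdir "$t/.ssh"; chmod 755 "$t/.ssh"
    for n in authorized_keys id_rsa id_rsa.pub; do : > "$t/.ssh/$n"; done
    chmod 644 "$t/.ssh/authorized_keys" "$t/.ssh/id_rsa.pub"
    chmod 640 "$t/.ssh/id_rsa"        # deliberately too open
    echo "PubkeyAuthentication: $(effective_pubkey_auth "$t/sshd_config")"
    audit_ssh_dir "$t/.ssh"
    rm -rf "$t"
}
demo
```

On a real host, call effective_pubkey_auth /etc/ssh/sshd_config and audit_ssh_dir ~/.ssh on each server before testing the login.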

 

The Bottom Line

1. Each server MUST have PubkeyAuthentication yes in /etc/ssh/sshd_config
2. Each server user (aka root) MUST have an id_rsa and an id_rsa.pub in .ssh/, because you have to swap public keys between servers
3. You concatenate server B’s id_rsa.pub to server A’s .ssh/authorized_keys and .ssh/authorized_keys2
4. You concatenate server A’s id_rsa.pub to server B’s .ssh/authorized_keys and .ssh/authorized_keys2