It is common practice among Linux users to exchange ssh keys between machines so that you can ssh between them without having to authenticate. The manual process for doing this involves taking the public key of the local host (
~/.ssh/id_rsa.pub
or ~/.ssh/id_dsa.pub
)
and appending it to the
~/.ssh/authorized_keys
file of the remote host you wish to log in without a password.
This process is simple, but requires a few different steps. Luckily, openssh includes a nifty little shell script that will take care of all of the manual steps for you. This script is called
ssh-copy-id
and should be available on your
Linux distro as long as you are using the openssh client.
In order to use it all you need to do is provide a username and a remote host to log in to. It will then copy your key to the authorized_keys file of the remote host and from then on you should be able to log in without authenticating. This is illustrated below:
[root@F17 ~]# ssh-copy-id root@192.168.122.1 The authenticity of host '192.168.122.1 (192.168.122.1)' can't be established. RSA key fingerprint is 62:e7:6e:18:b8:29:00:2d:f7:e4:5b:ca:81:76:b3:d9. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.122.1' (RSA) to the list of known hosts. root@192.168.122.1's password: Now try logging into the machine, with "ssh 'root@192.168.122.1'", and check in: ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@F17 ~]# [root@F17 ~]# [root@F17 ~]# [root@F17 ~]# ssh root@192.168.122.1 [root@media ~]# [root@media ~]#
As you can see no password was needed after exchanging the key.
NOTE:
ssh-copy-id
may give you the following error if
no ssh keys have been generated for the system:
[root@F17 ~]# ssh-copy-id root@192.168.122.1 /bin/ssh-copy-id: ERROR: No identities found
If that happens then you need to use
ssh-keygen
to generate keys. You can do
this non-interactively by using ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
. Alternatively you
can just run ssh-keygen
with no options and answer questions as they are presented.
Until next time,
Dusty