Generación e intercambio de claves SSH para login remoto sin credenciales

Uso de disown para ejecución de procesos en segundo plano
23 de mayo de 2021
Videos y recursos sobre AI / Machine Learning
24 de octubre de 2021

Guía para validación password-less entre sistemas Linux.

Check for existing SSH key pair. Before generating a new SSH key pair first check if you already have an SSH key on your client machine because you don’t want to overwrite your existing keys.

Run the following to see if existing SSH keys are present:

ls -al ~/.ssh/id_*.pub

If there are existing keys, you can either use those and skip the next step or backup up the old keys and generate a new one.

If you see No such file or directory or No matches found it means that you do not have an SSH key and you can proceed with the next step and generate a new one.

Generate a new SSH key pair.

The following command will generate a new 4096 bits SSH key pair with your email address as a comment:

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

Press Enter to accept the default file location and file name:

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Next, the ssh-keygen tool will ask you to type a secure passphrase. Whether you want to use passphrase it’s up to you, if you choose to use passphrase you will get an extra layer of security. In most cases, developers and system administrators use SSH without a passphrase because they are useful for fully automated processes.

If you don’t want to use a passphrase just press Enter.

Enter passphrase (empty for no passphrase): The whole interaction looks like this:

To be sure that the SSH keys are generated you can list your new private and public keys with:

ls ~/.ssh/id_*
cat /home/yourusername/.ssh/id_rsa
cat /home/yourusername/.ssh/id_rsa.pub

Copy the public key

Now that you have generated an SSH key pair, in order to be able to login to your server without a password you need to copy the public key to the server you want to manage.

The easiest way to copy your public key to your server is to use a command called

ssh-copy-id

On your local machine terminal type:

ssh-copy-id remote_username@server_ip_address

You will be prompted to enter the remote_username password:

remote_username@server_ip_address's password

Once the user is authenticated, the public key will be appended to the remote user authorized_keys file and connection will be closed.

If by some reason the ssh-copy-id utility is not available on your local computer you can use the following command to copy the public key:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cat ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Login to your server using SSH keys

After completing the steps above you should be able log in to the remote server without being prompted for a password.

To test it just try to login to your server via SSH:

ssh remote_username@server_ip_address

If everything went well, you will be logged in immediately.

Source info: https://linuxize.com/post/how-to-setup-passwordless-ssh-login

Deja una respuesta

gdpr-image
Este sitio web utiliza cookies para mejorar su experiencia. Al utilizar este sitio web, usted acepta nuestra Política de privacidad.
Leer más