Thursday, November 2, 2006

Connecting to an SSH server without a password

If you have to connect to an SSH server frequently, or you want to write a shell script that uses ssh, you might want to consider connecting to it without a password. This trick is not new. I heard about it a long time ago but didn't have any need for it, so I ignored it until recently.

At the time of this writing, I have just completed my backup script using passwordless SSH. Here I want to share the way I did it in a simple way. I hope it benefits others. Bear in mind that all the ssh utilities, such as sftp, scp and ssh, can use the passwordless connection once the setup is complete.

Step 1
  • Connect to the SSH server and open sshd_config in /etc/ssh or the equivalent location. Check your distro documentation.
  • Make sure you have the following entries:
    # Allow Identity Auth for SSH1?
    RSAAuthentication yes

    # Allow Identity Auth for SSH2?
    PubkeyAuthentication yes

    # Authorized Keys File (%h is the home directory of the user logging in)
    AuthorizedKeysFile %h/.ssh/authorized_keys
Step 2
  • Make RSA keys using ssh-keygen in your home directory on the ssh client.
    $ cd ~  
    $ mkdir identity-test
    $ cd identity-test
    $ ssh-keygen -f id_rsa -t rsa
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:

    Your identification has been saved in id_rsa.
    Your public key has been saved in id_rsa.pub.
    The key fingerprint is:
    c3:af:e9:6c:2f:19:4d:b5:1a:a9:40:06:54:e6:60:08 me@localhost
  • Look at the created files
    $ ls
    id_rsa id_rsa.pub

    id_rsa.pub contains the public key and id_rsa contains the private key.
  • Copy the content of id_rsa.pub into ~/.ssh/authorized_keys on the SSH server.
    There are two ways to achieve this:
    1. Log in to the SSH server and paste the content into the file
    2. Use scp to copy the content into the file
  • So, let's test logging in with this key. Since we have put the test key in a non-standard place, we will need to reference it explicitly on the command line:
    $ ssh username@server -i ~/identity-test/id_rsa
    username@server$ hostname
    server
    username@server$ exit

    $ ssh username@server -i $HOME/identity-test/id_rsa "echo Success!"
    Success!
    $
  • In the above examples, if you can log in without a password then the setup is a success. If not, please recheck the setup.
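
The copy step above, as an added shell example (not part of the original post): it appends the public key instead of overwriting authorized_keys, refuses a file that holds a private key, and sets owner-only permissions so that sshd's StrictModes check accepts the file. The function name install_pubkey and its arguments are hypothetical, and the key line in the demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example; install_pubkey and its arguments are hypothetical names.
install_pubkey() {
    pub=$1                      # public key file, e.g. id_rsa.pub
    ssh_dir=${2:-$HOME/.ssh}    # .ssh directory of the account on the server
    auth="$ssh_dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Refuse the private half (id_rsa): it must never leave the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2
        return 3
    fi

    # A public key is one line: "<type> <base64 blob> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub does not look like a public key" >&2; return 4 ;;
    esac

    # Owner-only directory and file, so sshd's StrictModes check passes.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth" ) || return 5
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 5

    # Append, never overwrite; skip a key that is already listed.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed key line (not a real key).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed me@localhost' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # second run adds nothing
echo "entries: $(grep -c . "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

Run the function on the server after copying id_rsa.pub there; with no second argument it targets ~/.ssh of the current account.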
Have fun ssh'ing :)
