
Posts published in “Day: July 21, 2006”

Creating shared SSH authentication keys

Having multiple servers to entertain me and for website and application development, I found that entering passwords continually while switching from machine to machine was very tiring. Shared SSH keys also enable cron jobs to run backups and a myriad of other automated tasks via an encrypted connection, thus not exposing my passwords over the network (some of which crosses wireless segments) the way such things as FTP would; instead, scp keeps things nice and garbled for anyone thinking to listen in.

This is not only for Linux, but for all Unix-type boxes and even Windows! Yes, I said Windows! I’ll publish another article to explain how to accomplish this on a Windows machine.

Here’s a quick and dirty tutorial on how to set up shared SSH keys to authenticate to each server automagically, no more entering passphrases!

Log in to the first server (harry in this example) and create your key:

[code]
root@harry:/root# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): [just hit enter]
Enter same passphrase again: [just hit enter again]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ac:0b:bf:3f:30:9a:05:29:d8:2b:27:58:cf:d3:08:9d
root@harry:
[/code]

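Now scp the RSA public key to the destination server (case). Note that this command writes it as .ssh/authorized_keys, replacing any file that is already there: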

[code]
root@harry:/home/dave# scp /root/.ssh/id_rsa.pub case:.ssh/authorized_keys
root@case's password: [enter root's password]
id_rsa.pub 100% 392 0.4KB/s 00:00
[/code]

And presto, you are done. Now ssh to case:

[code]
root@harry:/home/dave# ssh root@case
Last login: Fri Jul 21 08:45:20 2006 from harry
Linux 2.4.22.
root@case:~#
[/code]

root is instantly authenticated from harry because of the shared key.

Now continue to replicate the process for each server/workstation/user that you wish. This can make life much easier for you; however, there is one drawback (see the note below).

NOTE: once this is set up, even changing root’s password will not re-secure the connection or change the ‘key’, nor will it stop access from any machine with a shared user and key. In simpler terms, it is much the same as giving away a key to your house: whoever possesses the address and the key to the house may enter at any time. The only way to disallow access is to change the lock or destroy the key (in our world, the authorized_keys file).
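The scp step above replaces case's whole authorized_keys file, and the NOTE says access is cut off by changing that file. The sketch below is an added example, not part of the original post: it appends one key without overwriting the others and later removes only that key. The helper names add_key, revoke_key and count_keys, the second client "molly" and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: edit authorized_keys one key line at a time.
# add_key, revoke_key and count_keys are hypothetical helper names.

# add_key PUBKEY_FILE SSH_DIR: append the key unless it is already listed.
add_key() {
    pub=$1; dir=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    # -F fixed string, -x whole line, -f read the pattern from the key file
    grep -qxF -f "$pub" "$dir/authorized_keys" && return 0
    cat "$pub" >> "$dir/authorized_keys"
}

# revoke_key PUBKEY_FILE SSH_DIR: drop only that key and keep the others.
revoke_key() {
    pub=$1; dir=$2
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1
    # grep -v exits 1 when no lines remain; that is not an error here
    grep -vxF -f "$pub" "$dir/authorized_keys" > "$tmp" || true
    chmod 600 "$tmp" && mv "$tmp" "$dir/authorized_keys"
}

# count_keys SSH_DIR: print the number of non-empty lines in authorized_keys.
count_keys() {
    grep -c . "$1/authorized_keys" || true
}

# Constructed demo in a scratch directory; the key strings are fake and
# "molly" is a made-up second client.
demo=$(mktemp -d)
echo "ssh-rsa AAAAconstructedkey1 root@harry" > "$demo/harry.pub"
echo "ssh-rsa AAAAconstructedkey2 root@molly" > "$demo/molly.pub"
add_key "$demo/harry.pub" "$demo/ssh"
add_key "$demo/molly.pub" "$demo/ssh"
add_key "$demo/harry.pub" "$demo/ssh"     # repeat adds no duplicate line
revoke_key "$demo/harry.pub" "$demo/ssh"  # harry's key is removed, molly's stays
echo "keys left: $(count_keys "$demo/ssh")"
```

On a real destination host the second argument would be the account's ~/.ssh directory, with the public key file copied there first.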

Happy hacking.
