Difference between revisions of "keyed login"
(moved here from ssh page, because I keep looking for it...) |
m (updated syntax highlight tags) |
||
Line 9: | Line 9: | ||
** If the latter file ''does'' already exist, then id_rsa.pub can just be appended to authorized_keys. | ** If the latter file ''does'' already exist, then id_rsa.pub can just be appended to authorized_keys. | ||
** The following command should work for either case: | ** The following command should work for either case: | ||
− | *** <bash>cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys'</ | + | *** <syntaxhighlight lang=bash>cat .ssh/id_rsa.pub | ssh user@host 'cat >> .ssh/authorized_keys'</syntaxhighlight> |
* It may be necessary to manually log on once to the client from the host (using the same usernames as above) in order to add the client to the host's known_hosts file; I'm not sure about this part. Need to test. | * It may be necessary to manually log on once to the client from the host (using the same usernames as above) in order to add the client to the host's known_hosts file; I'm not sure about this part. Need to test. | ||
* Manually log on from the client to the host to make sure that the host is added to the client's known_hosts file, otherwise the verification prompt may interrupt any processes trying to log on automatically. | * Manually log on from the client to the host to make sure that the host is added to the client's known_hosts file, otherwise the verification prompt may interrupt any processes trying to log on automatically. |
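Review bot: the one-liner on the changed line still appends with `cat >> .ssh/authorized_keys` and nothing else, so it fails when .ssh does not yet exist in the host account's home directory, and a newly created authorized_keys gets whatever mode the remote umask gives. Since this edit already touches the line, consider running `mkdir -p .ssh` before the append and `chmod 600 .ssh/authorized_keys` after it on the remote side, or pointing readers to ssh-copy-id, which takes care of both.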
Latest revision as of 01:01, 20 July 2018
About
With Linux and similar systems, it is possible to set up access from a client to a server so that no password has to be entered manually. This technique actually makes the server more secure, since it uses public key encryption, which is somewhat like using a much longer password that is never actually transmitted (and it is all handled automatically).
Once this has been set up, a number of commands including ssh and rsync can connect without a password. This is especially useful for scripts, since otherwise you would have to have the password in plaintext within the script or in some other plaintext file.
How To
- On the client: Generate a public/private key pair using ssh-keygen
- Add the public key file (~/.ssh/id_rsa.pub) from the client to ~/.ssh/authorized_keys on the host.
- If the latter file doesn't already exist, then it can just be a direct copy of id_rsa.pub.
- If the latter file does already exist, then id_rsa.pub can just be appended to authorized_keys.
- The following command should work for either case:
cat ~/.ssh/id_rsa.pub | ssh user@host 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'
- It may be necessary to manually log on once to the client from the host (using the same usernames as above) in order to add the client to the host's known_hosts file; I'm not sure about this part. Need to test.
- Manually log on from the client to the host to make sure that the host is added to the client's known_hosts file, otherwise the verification prompt may interrupt any processes trying to log on automatically.
- If you disable logins now (e.g. via Webmin's "No login allowed" option), you will still be able to log in from a client with an authorized key.
Specific commands for doing this may be found here.
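
The host-side half of the "add the public key" step above, written out as an added example (not part of the original page): it creates ~/.ssh if needed, sets the permissions sshd expects, and skips a key that is already listed. The function name install_pubkey, the scratch directory standing in for the host's home, and the sample key are assumptions made for illustration.

```sh
#!/bin/sh
# install_pubkey KEYFILE HOMEDIR
# Hardened equivalent of: cat >> ~/.ssh/authorized_keys
# (install_pubkey is a hypothetical helper name, not a standard tool.)
install_pubkey() {
    keyfile=$1
    home=$2
    auth="$home/.ssh/authorized_keys"

    # Use the first line only and require the OpenSSH public-key shape
    # "<type> <base64> [comment]"; this rejects a private key file.
    key=$(head -n 1 "$keyfile")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key: $keyfile" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default) the key file is ignored when
    # it or ~/.ssh is writable by group or others.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on type and key blob only, so a changed comment does not
    # count as a new key. Entries with an options prefix never match
    # here, which only means the key is appended again.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if awk '{print $1 " " $2}' "$auth" | grep -qxF -- "$blob"; then
        return 0    # already authorized: nothing appended
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo on a scratch directory; the key below is constructed, not a real key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal user@client' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home"
install_pubkey "$demo/id.pub" "$demo/home"    # second run appends nothing
ls -l "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```

On a real host the function would run on the server side with HOMEDIR set to the account's home directory; the ssh-copy-id script shipped with OpenSSH performs the equivalent steps over ssh.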