Monday, February 18, 2019

Oracle Linux -- PasswordLess SSH Connection

Problem

You want to log into a server without typing your account password, that is, over a passwordless (key-based) SSH connection.

This example uses PuTTY to log into a remote Oracle Linux machine.

Solution

For ease of setup, this example uses a back-to-client approach, where the public-private key pair is generated on the remote machine, and the public key is sent to the client machine. This approach makes it easy to set up the required SSH folders and files on the remote machine.

First, log into the remote machine using your username and password and generate a public-private key pair:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Created directory '/home/oracle/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
06:ba:71:79:1a:02:f6:9e:5d:ea:24:26:39:ed:af:92 oracle@server
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|  o   .          |
| . o . o         |
|    = + S        |
|   + B B         |
|  +.B =          |
|  E= +           |
|   .ooo          |
+-----------------+

Now, still on the remote machine, set up your public key for authentication:

$ ssh-copy-id -i id_rsa.pub <username>@<machine>

Now try logging into the machine, with "ssh '<username>@<machine>'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

The key is now stored in .ssh/authorized_keys. Rename this file to match the value of the AuthorizedKeysFile parameter in /etc/ssh/sshd_config.

[root@machine ~]# cat /etc/ssh/sshd_config | grep AuthorizedKeysFile
AuthorizedKeysFile      .ssh/authorized_keys2

Then rename the file:

[oracle@machine .ssh]$ mv authorized_keys authorized_keys2

Now copy your private key file id_rsa to your client machine.

Using PuTTYgen, import the private key and save it. Then, in the PuTTY connection properties, select the saved private key file to use when establishing the connection.

As a security precaution, delete the private key from the remote machine.
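The end state of this procedure can be checked with a short script. The following is an added example, not part of the original post: it confirms that the key file carries the name sshd is configured to read, that nothing on the path is writable by group or others, and that id_rsa is gone from the server. The function names are illustrative, and it assumes AuthorizedKeysFile holds a path relative to the home directory, as in the output above.

```shell
#!/bin/sh
# Added example: audit the end state of the procedure above.
# Function names are illustrative, not part of OpenSSH.

# Print the first path of the first active AuthorizedKeysFile line, or the
# OpenSSH default when the directive is absent or commented out.
authorized_keys_name() {
    name=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1")
    printf '%s\n' "${name:-.ssh/authorized_keys}"
}

# True when group or others can write to the path. With StrictModes (the
# default) sshd refuses keys whose file, ~/.ssh or home dir is that loose.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# audit_key_setup HOME_DIR SSHD_CONFIG
# Prints one line per finding; exit status is the number of findings.
audit_key_setup() {
    home=$1; findings=0
    keys="$home/$(authorized_keys_name "$2")"
    if [ ! -f "$keys" ]; then
        echo "MISSING: $keys (the file name sshd is configured to read)"
        findings=$((findings + 1))
    fi
    for p in "$home" "$home/.ssh" "$keys"; do
        if [ -e "$p" ] && loosely_writable "$p"; then
            echo "WRITABLE by group/other: $p"
            findings=$((findings + 1))
        fi
    done
    if [ -e "$home/.ssh/id_rsa" ]; then
        echo "PRIVATE KEY still on server: $home/.ssh/id_rsa"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed demo: a throwaway home directory in the state the page reaches
# before the rename and the final clean-up.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
printf 'AuthorizedKeysFile      .ssh/authorized_keys2\n' > "$demo/sshd_config"
: > "$demo/.ssh/authorized_keys"   # key file not yet renamed
: > "$demo/.ssh/id_rsa"            # private key not yet deleted
audit_key_setup "$demo" "$demo/sshd_config" || echo "findings: $?"
rm -rf "$demo"
```

On the real server, call it as audit_key_setup "$HOME" /etc/ssh/sshd_config; an exit status of 0 means all three checks passed.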
