Today we will learn how to establish password-less SSH connection between servers.
We normally have more than 2 servers in our organization. To access those servers, we open a terminal or any SSH client and provide the details (like username, Server IP/hostname and password). It becomes very painful when we want to login to different servers in short span of time. Moreover, when we receive alerts from many servers at a time, then in such cases, it becomes a bit lengthy task to access those servers.
For example, if we are working in an infra, where there are hundreds/thousands of Linux servers, then we must be having a big time to manage all of it. To deal with such a large numbers of Linux servers, password-less SSH becomes a necessary practice. This will definitely save our time and heads up.
Advantage of using password-less SSH is that, it is not compromising on security, as it is using pair of user generated keys for authentication. It is completely secured and server is being authenticated from saved keys. By this method, we can get rid of giving password to access the server.
How to configure password-less SSH connection between two servers?
- Create a SSH key on the source machine ( The machine from which you want to access the server without password). Use the below command to create the SSH key:
When asked whether you want to use a passpharse, press Enter to use the passphrase-less setup.
- When it is asked for the filename in which to store the (private key), accecpt the default filename ~/.ssh/id_rsa.
- Now when it is asked for passpharse, press Enter twice (for empty passphrase).
- The Private key will now be written to the ~/.ssh/id_rsa file (also called identification) and the public key is written to the ~/.ssh/id_rsa.pu file. Refer the below snapshot for your reference:
- ssh-copy-id is used to copy the ssh public file to other server. Now use the below command to copy the public key you have just created over to destination server (let’s say server2 having ip address 22.214.171.124).
$ ssh-copy-id server2or
$ sshp-copy-id 126.96.36.199
When you use the above command, you will be asked for a password, enter the password of your destination server (server2) to copy the file successfully. The above command will copy the content of ~/.ssh/id_rsa.pu to the file ~/.ssh/authorized_keys at destination server.
You are done now! You will be able to SSH to destination server (server2) from source server without giving any password.
If you are unable to access the server using a name (like server2) but able to access SSH using IP address, then add your IP address and name that you want to use for accessing SSH to your hosts file in the source server.
Moreover you can check anything on the destination server from the source server without entering into the destination server. All you have to do is to follow the below pattern:
$ ssh <destination_server_ip/name> '<thing_you_want_to_check>'
$ ssh server2 'echo $HOSTNAME' or $ssh server2 'uptime'
How password-less SSH works from one server to another?
The working of this is very simple. When using public/private key-based authentication, the user who wants to connect to a server generates a pubilc/private key pair. The private key needs to be kept private and will never ne distributed. The public kay is stored in the home directory of the target user on the SSH server( Destination server).
When autheticating using key pairs, the user generates a hash derived from the private key. This hash is sent to the server and if on the server it proves to match the public key that is stored in the server, the user is authenticated. (Soruce: Red Hat Enterprise Linux by Sander).
Hope you like this post. Share your idea and thought about this post. Thank you. 🙂
My name is Shashank Shekhar. I am a DevOps Engineer, currently working in one of the best companies in India. I am having around 5 years of experience in Linux Server Administration and DevOps tools.
I love to work in Linux environment & love learning new things.
Powered by Facebook Comments
Hello, this one was a nice blog. It would be better if you included the concept of SSH proxy. Hoping to see it in your coming posts. 🙂
Thanks Prasobh. 🙂 I will add the post related to SSH proxy soon.