[SOLVED] SSH login with no passwords for distributed program on red hat
Hello,
I'm using a program on a group of servers which contact each other using SSH.
I've got the authentication keys set up with no password and the keys are on each box. But when one box tries to connect to another it wants the password for the user it's trying to communicate with.
So the main problem is there is a lot of communicating within this program so it's important to allow each box to communicate with each other without the use of a password.
Does anyone have a solution?
I'm using OpenSSH 4.3 with OpenSSL 0.9.8 on Red Hat Enterprise Linux Server 5.3 (Tikanga).
I'm also using SSH on Ubuntu (Intrepid) to connect to these servers at the mo as I don't have direct access to the boxes.
Just as a warning, it's not recommended that you set up passphraseless and passwordless SSH communication but this is how I did it. In this guide passphrase is referring to the SSH passphrase and password refers to the user's password.
sshd_config
Open "/etc/ssh/sshd_config" in your selected text editor, I used 'vi' because I only had a terminal to work with and also it highlights used options and darkens commented out options.
The options I have highlighted in my sshd_config file are the following:
Code:
Protocol 2
SyslogFacility AUTHPRIV
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePam no
Then any more options underneath 'UsePam' can be left alone for this to work. But do not comment out 'AcceptEnv' or 'Subsystem' values, I'm not sure what they do but they look important!
To restart sshd, run the command
Code:
/etc/init.d/sshd restart
If you're using ssh to the machine that you're configuring, the above command will not stop your connection.
id_rsa.pub and authorized_keys
First you need to make sure that you're logged into the user which will be sending or receiving communications so you create the keys for the right user. Change the directory to $HOME (e.g. /home/<user name>/). The line "ssh-keygen -t rsa" starts creating an SSH key which is used to set the directory the key is saved to, just press enter to use default, and it is used to set the passphrase to communicate with the machine, again just hit enter twice since we don't want a passphrase. Next step is optional but for the program I was using the machine had to communicate with itself using ssh. So "cat .ssh/id_rsa.pub >> .ssh/authorized_keys" takes the SSH key we just created and appends it to authorized_keys, the file that was specified earlier in sshd_config.
Code:
su <user name>
cd $HOME
ssh-keygen -t rsa
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
Repeat the above code in a terminal on each node which will be part of the network.
Key Sharing
The next step is to share the 'id_rsa.pub' key to the other nodes that will be contacting the current node. You can move the key however you want but due to certain restrictions I had to use 'scp'. It's rather simple to use and can come in real handy when you need to quickly transfer something. The basic syntax is
The end file can be called whatever you want but in this case I've called it something topical to what I'm doing.
On the other machine you want to go to the $HOME directory and append the SSH key file to the authorized_keys. Here's an example following the scp code above.
Code:
cd $HOME
cat .ssh/chrismaster_rsa.pub >> .ssh/authorized_keys
Permissions
Permissions is the bit that stumped me but I didn't realise it was a problem until scouring many forums and other guides.
The permissions that work for me are the following:
Code:
cd $HOME
chmod go-w .
cd .ssh
chmod 700 .
chmod 600 *
I'm not entirely sure about these permissions but after this has been done on every node you'll be able to ssh or scp to any node without SSH passphrases and user passwords.
Last edited by chrisjemma; 08-17-2009 at 02:43 AM.
Reason: few spelling mistakes
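Added example (not part of the original post): the Permissions step matters because sshd's StrictModes option, on by default, ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others, and the ssh client refuses a private key that anyone else can read. The script below audits those modes for one home directory; the function names are hypothetical, and ownership is not checked.

```shell
#!/bin/sh
# Added example: audit the file modes that decide whether key login works.
# check_ssh_perms returns 0 when every check passes, 1 otherwise.

# mode_string PATH -> the 10-character mode field from ls, e.g. drwx------
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# writable_by_others PATH -> true if group or other has the write bit
writable_by_others() {
    m=$(mode_string "$1")
    [ "$(printf '%s' "$m" | cut -c6)" = "w" ] ||
        [ "$(printf '%s' "$m" | cut -c9)" = "w" ]
}

# open_to_others PATH -> true if group or other has any permission bit
open_to_others() {
    [ "$(mode_string "$1" | cut -c5-10)" != "------" ]
}

check_ssh_perms() {
    home=$1
    rc=0
    # Server side: these three paths must not be group/other writable.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1
        elif writable_by_others "$p"; then
            echo "BAD     $p ($(mode_string "$p")): group/other writable"; rc=1
        else
            echo "ok      $p ($(mode_string "$p"))"
        fi
    done
    # Client side: the private key must be accessible to its owner only.
    key="$home/.ssh/id_rsa"
    if [ -e "$key" ] && open_to_others "$key"; then
        echo "BAD     $key ($(mode_string "$key")): open to group/other"; rc=1
    fi
    return $rc
}

# Run against a home directory when one is given as the first argument.
if [ $# -gt 0 ]; then check_ssh_perms "$1"; fi
```

Run it on each node as `sh check_ssh_perms.sh /home/<user name>`; a BAD line on the receiving node is the usual reason a key is skipped and the password prompt comes back.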