SSH Key related concern
In linux i am creating a ssh key using below command and a file is created with name authorized_keys
ssh-keygen -b 4048 -t rsa -C "root@sourceIP" After above step i am running below command authorized_keys file is getting created in .ssh/ and whenever i am trying to connect the destination ip from source it is not prompting me for any password . ssh-copy-id root@destinationIP My query : If i remove the authorized_keys file from my destination file will there be any impact( like will there be any application issue(as i am using ansible to install a application that is the reason for creating a ssh key)) |
It is the authorized_key file on the destination machine which shows which key pairs can be used to authenticate. If you delete that file, then you will not be able to log in using any keys at all for that one account. However, you can move the file instead if you don't want it there where it is currently. Just set it to a new location in sshd_config using the AuthorizedKeysFile directive and then reload the configuration in sshd.
Either way, if you really are using root for remote access, remember to turn off password authentication for either everybody or just root by setting PasswordAuthentication to "no" or else PermitRootLogin to "prohibit-password" or "forced-commands-only" (they are the same in function) See "man sshd_config" for information about moving the authorized_keys file. See also "man sshd" and scroll down to the section on authorized keys file format for more. |
Quote:
|
Which machine are you referring to?
In the default arrangement for sshd, you must have an authorized_keys file on the destination machine in order to log in using keys. You do not need to have it on the source machine and there are no repercussions for removing it from the source machine. |
Quote:
|
Then, if you are using keys, and if you have not changed the location for the authorized_keys file, then you have an authorized_keys file in /root/.ssh/authorized_keys in order to be able to use keys to log in. If have some other user and are not logging into that other account then that other accounts' ~/.ssh/authorized_keys file is also needed. Otherwise, it is not needed.
|
Quote:
Either way, you're connected, and any application problems are unlikely to be related to the authentication method you used to connect. Cheers. |
All times are GMT -5. The time now is 04:03 AM. |