LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   SSH Key related concern (https://www.linuxquestions.org/questions/linux-newbie-8/ssh-key-related-concern-4175636924/)

sampy12345 08-22-2018 11:46 PM
SSH Key related concern
 
In linux i am creating a ssh key using below command and a file is created with name authorized_keys
ssh-keygen -b 4048 -t rsa -C "root@sourceIP"

After above step i am running below command authorized_keys file is getting created in .ssh/ and whenever i am trying to connect the destination ip from source it is not prompting me for any password .

ssh-copy-id root@destinationIP

My query : If i remove the authorized_keys file from my destination file will there be any impact( like will there be any application issue(as i am using ansible to install a application that is the reason for creating a ssh key))

Turbocapitalist 08-23-2018 12:25 AM
It is the authorized_key file on the destination machine which shows which key pairs can be used to authenticate. If you delete that file, then you will not be able to log in using any keys at all for that one account. However, you can move the file instead if you don't want it there where it is currently. Just set it to a new location in sshd_config using the AuthorizedKeysFile directive and then reload the configuration in sshd.

Either way, if you really are using root for remote access, remember to turn off password authentication for either everybody or just root by setting PasswordAuthentication to "no" or else PermitRootLogin to "prohibit-password" or "forced-commands-only" (they are the same in function)

See "man sshd_config" for information about moving the authorized_keys file.

See also "man sshd" and scroll down to the section on authorized keys file format for more.

sampy12345 08-23-2018 12:57 AM
Quote:
Originally Posted by Turbocapitalist (Post 5894692)
It is the authorized_key file on the destination machine which shows which key pairs can be used to authenticate. If you delete that file, then you will not be able to log in using any keys at all for that one account. However, you can move the file instead if you don't want it there where it is currently. Just set it to a new location in sshd_config using the AuthorizedKeysFile directive and then reload the configuration in sshd.

Either way, if you really are using root for remote access, remember to turn off password authentication for either everybody or just root by setting PasswordAuthentication to "no" or else PermitRootLogin to "prohibit-password" or "forced-commands-only" (they are the same in function)

See "man sshd_config" for information about moving the authorized_keys file.

See also "man sshd" and scroll down to the section on authorized keys file format for more.
Actually i have removed the file and i was able to login with credentials. Just i want to know whether there will be any application related issues

Turbocapitalist 08-23-2018 01:04 AM
Which machine are you referring to?

In the default arrangement for sshd, you must have an authorized_keys file on the destination machine in order to log in using keys. You do not need to have it on the source machine and there are no repercussions for removing it from the source machine.

sampy12345 08-23-2018 05:56 AM
Quote:
Originally Posted by Turbocapitalist (Post 5894702)
Which machine are you referring to?

In the default arrangement for sshd, you must have an authorized_keys file on the destination machine in order to log in using keys. You do not need to have it on the source machine and there are no repercussions for removing it from the source machine.
I am referring to the destination machine

Turbocapitalist 08-23-2018 06:08 AM
Then, if you are using keys, and if you have not changed the location for the authorized_keys file, then you have an authorized_keys file in /root/.ssh/authorized_keys in order to be able to use keys to log in. If have some other user and are not logging into that other account then that other accounts' ~/.ssh/authorized_keys file is also needed. Otherwise, it is not needed.

Rickkkk 08-23-2018 11:36 AM
Quote:
Originally Posted by sampy12345 (Post 5894699)
Actually i have removed the file and i was able to login with credentials. Just i want to know whether there will be any application related issues
The sshd_config file on your destination machine is therefore configured to fall back on password authentification if ssh key authentication is impossible. This is not as secure, but gives you 2 options to connect.

Either way, you're connected, and any application problems are unlikely to be related to the authentication method you used to connect.

Cheers.


All times are GMT -5. The time now is 04:03 AM.