Why should I configure SSH without password
Well, some packages like openMosix (cluster software) need to execute
commands remotely on other cluster nodes to get the process list of the
remote host. For remote command execution it uses rsh/ssh. SSH is
definitely more secure than rsh. But SSH must be configured for root to
log in to the remote system without a password. SSH is secure even if
you use it to log in without being prompted for a password. Here is
one way to configure it.
Installation:
# rpm -ivh sshd_rpm_package_from_your_linux_distribution_cd
Configuration:
First, a running secure-shell daemon is required on the remote site.
If it is not already running, start it with:
/etc/init.d/ssh start
Now you have to generate a keypair for SSH on your local computer with
ssh-keygen.
ssh-keygen
You will be prompted for a passphrase for that keypair. The passphrase
normally is longer than a password and may be a whole sentence. The
keypair is encrypted with that passphrase and saved in
/root/.ssh/identity and /root/.ssh/identity.pub
Do NOT give your private-key to anybody!!! Now copy the whole content of
/root/.ssh/identity.pub (your public-key, which should be one long
line) into /root/.ssh/authorized_keys on the remote host. (Also copy
the content of /root/.ssh/identity.pub to your local
/root/.ssh/authorized_keys, like you did with the remote node,
because openMosixview needs password-less login to the local node
too!)
If you ssh to this remote host now, you will be prompted for the
passphrase of your public-key. Giving the right passphrase should
give you a login.
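The copy step above, as an added example that is not part of the original HOWTO: a shell function that appends a public key to authorized_keys only once, refuses a file that looks like a private key, and sets the permissions sshd expects. The helper name install_pubkey and the sample key and paths in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage: install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pubkey_file=$1                       # e.g. /root/.ssh/identity.pub
    ssh_dir=$2                           # e.g. /root/.ssh on the target node
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Guard against installing the private half of the keypair by mistake.
    if grep -q "PRIVATE KEY" "$pubkey_file"; then
        echo "$pubkey_file looks like a private key, refusing" >&2
        return 1
    fi

    # A public key is exactly one non-empty line.
    lines=$(grep -c . "$pubkey_file" || true)
    [ "$lines" -eq 1 ] || { echo "expected one key line, got $lines" >&2; return 1; }
    key=$(grep . "$pubkey_file")

    # Only the owner may write the directory and file, or sshd
    # (StrictModes, on by default) ignores the key.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already installed: leave the file untouched (-x whole line, -F literal).
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi

    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
}

# Demo on constructed data in a scratch directory; no real keys are touched.
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3constructedExampleKey root@node1" > "$demo/identity.pub"
install_pubkey "$demo/identity.pub" "$demo/node2/.ssh"
install_pubkey "$demo/identity.pub" "$demo/node2/.ssh"   # second run adds nothing
ls -ld "$demo/node2/.ssh" "$demo/node2/.ssh/authorized_keys"
rm -rf "$demo"
```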
What is the advantage right now??? The passphrase is normally a lot longer
than a password! The advantage comes from using the ssh-agent. It
manages the passphrase during ssh login.
ssh-agent
The ssh-agent is started now and gives you two environment variables you
should set (if not set already). Type:
echo $SSH_AUTH_SOCK
echo $SSH_AGENT_PID
to see if they are exported to your shell right now. If not, just cut and
paste them from your terminal, e.g. for the bash shell:
SSH_AUTH_SOCK=/tmp/ssh-XXYqbMRe/agent.1065
export SSH_AUTH_SOCK
SSH_AGENT_PID=1066
export SSH_AGENT_PID
Example for the csh shell:
setenv SSH_AUTH_SOCK /tmp/ssh-XXYqbMRe/agent.1065
setenv SSH_AGENT_PID 1066
With these variables the remote sshd daemon can connect to your local
ssh-agent by using the socket file in /tmp (in this example
/tmp/ssh-XXYqbMRe/agent.1065). The ssh-agent can now give the
passphrase to the remote host by using this socket (it is of course
an encrypted transfer)!
You just have to add your public-key to the ssh-agent with the ssh-add
command.
ssh-add
Now you should be able to log in to the remote host using ssh without
being prompted for a password!
You could (should) add the ssh-agent and ssh-add commands to your
login profile, e.g.
eval `ssh-agent`
ssh-add
Now it is started when you log in on your local workstation. You have done
it! I wish you secure logins now.
Reference:
http://howto.x-tend.be/openMosix-HOWTO/x1205.html