Wednesday, April 9, 2008

how to use public key authentication

Source: http://pigtail.net/LRP/printsrv/no-passwd.html
Sometimes it is desirable to establish an ssh connection (e.g. machine to machine) without a human typing a password at the console.


For example, to automatically back up files from the office (using scp or rsync tunnelled over ssh) to a Linux server at a remote data center.
(Many businesses are required to keep an "off site" backup of important data files in case of theft or fire damage.)

At the office computer, open a Cygwin bash window and generate a private key and a corresponding public key (geeks call this a key pair).
When asked for a location to store the keys, just hit Enter; when asked for a passphrase, just hit Enter. An empty passphrase is what lets the backup job run unattended, so from now on the private key file must be guarded as carefully as a password would be.
The keys are now stored in the so called "hidden" directory ~/.ssh
If you installed the cygwin package in c:\cygwin, the actual directory is c:\cygwin\home\<currently logged-in user>\.ssh
(The command below is the 2008 original; on a current OpenSSH, "ssh-keygen -t ed25519" gives a smaller and stronger key, and the rest of the procedure is unchanged apart from the file names id_ed25519 and id_ed25519.pub.)

ssh-keygen -t rsa
cd ~/.ssh
dir
You will see some files, id_rsa is your private key, id_rsa.pub is your public key

At the remote data center Linux server (assuming you have an account called "john"), create a .ssh directory.
If the .ssh directory already exists, mkdir prints the error message "cannot create directory"; that is OK.
The directory must be private to john: with the default StrictModes yes, sshd silently ignores keys in a .ssh directory that other users can write to, and you would still be asked for a password.

login john
mkdir .ssh
chmod 700 .ssh
exit

At the office computer, open a Cygwin bash window and copy your public key to the remote Linux server

cd ~/.ssh
scp id_rsa.pub john@remote_linux_server_ip_address:~/.ssh/newkey

At the remote data center Linux server, add (technically speaking, append) the office's public key to a special key file called "authorized_keys". The "cat newkey" line is only there so you can eyeball the key before appending it; the chmod is required, since sshd ignores an authorized_keys file that other users can read or write.

login john
cd ~/.ssh
cat newkey
cat newkey >> authorized_keys
rm newkey
chmod 600 authorized_keys
exit

At the office computer, open a Cygwin bash window and
ssh to the remote data center's Linux server; it should no longer ask for a password.

ssh john@remote_linux_server_ip_address

As with any public key authentication scheme, you have to be careful not to leak the private key (i.e., ~/.ssh/id_rsa): because it has no passphrase, anyone who copies that file can log in as john without a password. For an unattended backup key, also consider limiting what the key may do by prefixing its line in authorized_keys with options such as from="office address", no-pty and command="...", so a stolen key is only good for pushing backups from the office.
Geeks call this method of allowing access "authentication using public keys".
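The server-side steps above (create ~/.ssh, append the key, fix the permissions), as an added example that is not part of the original post: a POSIX shell function that does the same thing idempotently, sets the permissions sshd's StrictModes expects, and can prefix the key with authorized_keys options so the backup key is only usable from the office and cannot open a shell. The key text, the address 203.0.113.10, the command path /usr/local/bin/backup-receive and the home directory it writes to are all constructed placeholders, not real values.

```shell
#!/bin/sh
# Added example, not from the original post. Installs a public key into
# HOME_DIR/.ssh/authorized_keys the way the manual steps do, but:
#   - mkdir -p tolerates an existing .ssh directory
#   - .ssh is set to 700 and authorized_keys to 600 (what StrictModes wants)
#   - the key is not appended a second time if the script is re-run
#   - optional authorized_keys options (from=, no-pty, ...) are prefixed
# Needs only POSIX sh, awk, grep, ls and cut. No real key is embedded.

# install_key HOME_DIR 'TYPE BASE64 [COMMENT]' [OPTIONS]
install_key() {
    home_dir=$1
    pubkey=$2
    opts=$3
    sshdir="$home_dir/.ssh"
    authkeys="$sshdir/authorized_keys"

    mkdir -p "$sshdir" || return 1
    chmod 700 "$sshdir" || return 1
    [ -f "$authkeys" ] || : > "$authkeys"
    chmod 600 "$authkeys" || return 1

    # Compare on key type + key material only, so a different comment or a
    # different options prefix does not produce a duplicate entry.
    keyid=$(printf '%s\n' "$pubkey" | awk '{ print $1 " " $2 }')
    if grep -qF -- "$keyid" "$authkeys"; then
        return 0            # already installed, nothing to do
    fi
    if [ -n "$opts" ]; then
        printf '%s %s\n' "$opts" "$pubkey" >> "$authkeys"
    else
        printf '%s\n' "$pubkey" >> "$authkeys"
    fi
}

# Helpers used to check the result: number of key lines, and the mode string
# (e.g. drwx------) of a path, portable across GNU and BSD ls.
count_keys() { grep -c . "$1/.ssh/authorized_keys"; }
mode_of()    { ls -ld "$1" | cut -c1-10; }

# Options a practitioner would put on an unattended backup key: accepted only
# from the office's address (constructed example address), no shell, no
# forwarding, and a fixed receive-only command (hypothetical path).
BACKUP_KEY_OPTS='from="203.0.113.10",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="/usr/local/bin/backup-receive"'
```

Run it on the server as the target user, e.g. install_key "$HOME" "$(cat newkey)" "$BACKUP_KEY_OPTS"; the from= address should be the office's public IP as seen by the server, and command= should point at a script that only accepts the backup transfer.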

See this page on how to install openssh-cygwin on Windows 2000 and Windows XP.

It is also possible to use this method with PuTTY (ssh client) instead of the Cygwin ssh client.
You need to generate the key pair with PuTTYgen (or import an existing OpenSSH id_rsa and save it in PuTTY's .ppk format); the public key still goes into authorized_keys on the server exactly as above, and the private .ppk file deserves the same protection as id_rsa.

To disable password login completely, first confirm that key login works and keep your current session open in case of a mistake, then edit /etc/ssh/sshd_config and set:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Some notes on these three lines. Both of the first two are needed: with only PasswordAuthentication no, sshd can still present a password prompt through the keyboard-interactive method. On OpenSSH 8.7 and later that option is named KbdInteractiveAuthentication (the old name is still accepted as an alias). UsePAM no is optional and often undesirable: on most Linux distributions PAM also performs the account and session checks at login, and once the two password methods are off it cannot prompt for a password anyway, so it is safer to leave UsePAM yes unless you know why it must be off. Check the file with "sshd -t", reload or restart sshd, and then confirm from the office that a password is really refused:

ssh -o PubkeyAuthentication=no john@remote_linux_server_ip_address

should fail with "Permission denied (publickey)" rather than ask for a password.
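A way to check that edit offline, as an added example that is not part of the original post: a POSIX shell function that reads the effective value of an sshd_config keyword the way sshd does (first occurrence wins, keywords are case-insensitive, and settings inside a Match block do not change the global value), and a second function that decides whether a password prompt can still be reached. The two configurations it is run on are constructed samples, not any real server's file; the "Keyword=value" spelling that sshd also accepts is not handled.

```shell
#!/bin/sh
# Added example, not from the original post: read sshd_config the way sshd
# does and decide whether password login is still possible. Needs only
# POSIX sh, awk and tr. Both configs below are constructed samples.

# sshd_value CONFIG_TEXT Keyword -> prints the global value, or nothing if unset.
# Rules mirrored from sshd: comments and blank lines are ignored, the keyword
# match is case-insensitive, the FIRST occurrence wins, and anything after the
# first "Match" line belongs to a conditional block and does not set the
# global value.
sshd_value() {
    printf '%s\n' "$1" | awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/  { next }
        tolower($1) == "match"     { exit }
        tolower($1) == key         { print tolower($2); exit }
    '
}

# password_login_possible CONFIG_TEXT -> exit 0 if a password prompt can still
# be reached, 1 if only keys remain. Absent keywords take the OpenSSH defaults
# (both yes). KbdInteractiveAuthentication is the newer name (OpenSSH 8.7+)
# for ChallengeResponseAuthentication; whichever appears first is used.
password_login_possible() {
    cfg=$1
    pw=$(sshd_value "$cfg" PasswordAuthentication)
    [ -n "$pw" ] || pw=yes
    kbd=$(sshd_value "$cfg" KbdInteractiveAuthentication)
    [ -n "$kbd" ] || kbd=$(sshd_value "$cfg" ChallengeResponseAuthentication)
    [ -n "$kbd" ] || kbd=yes
    [ "$pw" = yes ] || [ "$kbd" = yes ]
}

# Constructed sample: the Match block turns passwords off for one user only,
# so "john" can still be logged into (and brute-forced) with a password.
WEAK_CONFIG='# constructed sample sshd_config, not a real server
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
Match User backup
    PasswordAuthentication no'

# Constructed sample of the hardened state the post aims for. UsePAM stays
# yes: PAM is still wanted for account and session handling, and with both
# password methods off it has no way to prompt for one.
HARDENED_CONFIG='# constructed sample sshd_config, not a real server
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
UsePAM yes'
```

On a live server the authoritative check is "sshd -T", which prints the effective value of every keyword after parsing; the function above is for reviewing a config file before it is deployed, or on a machine where you cannot run sshd. Note that a file containing only "PasswordAuthentication no" is still reported as allowing passwords, because keyboard-interactive authentication defaults to yes.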

1 comment:

Andrea said...

I carefully read the whole article and tried to interpret whatever information you have posted about how to use public key authentication. I am new to this concept, so I am facing difficulties as I do not have any programming knowledge.
public key infrastructure