Passwordless root SSH Public Key Authentication on RHEL

-
To set it up is relatively straight forward:
On the client machine (ie. the one you are SSH'ing from) you will need to create an SSH RSA key. So run the following command - ensure you don't supply a password:
[root@node01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c6:66:93:16:73:0b:bf:46:46:28:7d:a5:38:a3:4d:6d root@node01
The key's randomart image is:
+--[ RSA 2048]----+
|            .    |
|       . + o     |
|      . @ E      |
|       * & .     |
|      . S =      |
|       = + .     |
|          o      |
|         .       |
|                 |
+-----------------+
This will generate the following files:
[root@node01 ~]# cd ~/.ssh
[root@node02 .ssh]# ls -l
total 8
-rw-------. 1 root root 1675 Jul 27 15:01 id_rsa
-rw-r--r--. 1 root root  406 Jul 27 15:01 id_rsa.pub
On the client machine tighten up file system permissions thus:
[root@node01 ~]# chmod 700 ~/.ssh
[root@node01 ~]# chmod 600 ~/.ssh/*
[root@node01 ~]# ls -ld ~/.ssh & ls -l ~/.ssh
drwx------. 2 root root 4096 Jul 27 15:01 /root/.ssh
-rw-------. 1 root root 1675 Jul 27 15:01 id_rsa
-rw-------. 1 root root  406 Jul 27 15:01 id_rsa.pub
Now copy the public key to the machine you want to SSH and fix permissions (you will be prompted for the root password):
[root@node01 ~]# ssh root@node02 'mkdir -p /root/.ssh'
[root@node01 ~]# scp /root/.ssh/id_rsa.pub root@node02:/root/.ssh/authorized_keys
[root@node01 ~]# ssh root@node02 'chmod  700 /root/.ssh'
[root@node01 ~]# ssh root@node02 'chmod  600 /root/.ssh/*'
You can also use the utility ssh-copy-id to do the above steps. If you don't have scp on the remote machine you will need to install it:
[root@node01 ~]# ssh root@node02 'yum install openssh-clients'
You should now be able to ssh directory from node01 to node02 without providing a password:
[root@node01 ~]# ssh node02
Last login: Wed Jul 27 15:41:56 2011 from 10.255.5.57
[root@node ~]#
IMPORTANT There is a bug in CentOS 6 / SELinux that results in all client presented certificates to be ignored when SELinux is set to Enforcing. To fix this simply:
[root@node01 ~]# ssh root@node02 'restorecon -R -v /root/.ssh'
restorecon reset /root/.ssh context system_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0
restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0


Ref URL : http://www.firedaemon.com/blog/passwordless-root-ssh-public-key-authentication-on-centos-6






































Comments











Post a Comment



















Popular posts from this blog









[SOLVED]* Please wait for the system Event Notification service






-














Image







       There are different ways to solve this issue , Few of them are mentioned below .A permanent fix for this issue is yet to find. Solution : 1 Remove "Windows Live Messenger" from their terminal server resolved logout issues. Solution : 2 Start "Remote Desktop Services Manager" Identify the user ID in the Users tab In the Processes tab sort by ID Go down to the user ID and end the winlogon.exe process the user session will be logged off Solution : 3  From: mikefrobbins.com by graham ross From a command prompt on my PC or another computer on the domain I ran this to find out the PID of the svchost.exe associated with SENS sc \servername queryex SENS Note down the PID of that process and kill that process using PID. taskkill /S servername /PID xxxx /F Solution: 4  From : Windows Sever Forum The COM+ Event System timed out attempting to fire the Logoff method on event class {D5978650-5B9F-11D1-8DD2-00AA004ABD5E} for publisher and subscriber . The subscriber failed 








Read more










Rebuild the initial ramdisk image in Red Hat Enterprise Linux






-















  How to rebuild the initial ramdisk image in Red Hat Enterprise Linux    SOLUTION VERIFIED  - Updated  April 12 2016 at 10:15 AM  -   English     Environment   Red Hat Enterprise Linux (RHEL) 3  Red Hat Enterprise Linux (RHEL) 4  Red Hat Enterprise Linux (RHEL) 5  Red Hat Enterprise Linux (RHEL) 6  Red Hat Enterprise Linux (RHEL) 7  initrd / initramfs image    Issue   How to rebuild the initial ramdisk image in Red Hat Enterprise Linux  How to remake or recreate the initrd or initramfs  The  /etc/lvm/lvm.conf  and root file system resides on a logical volume. How to ensure the changes are applied upon rebooting?  The  /etc/multipath.conf  and my root file system resides on a multipath device. How to ensure the changes are applied upon rebooting?  The module options in  /etc/modprobe.conf  or  /etc/modprobe.d/  have been modified. How to ensure the changes are applied upon rebooting?    Resolution   When adding new hardware to a system, or after changing configuration files that may be








Read more










Python reference Interview questions






-















   1)HCL Python scripting developer Interview questions:-   1) How do you check list of files in the given path in python ??   2) How do you check whether file is exist or not in python   3) How do you perform copy file cmd in python ??   4) What is d use of setup.py in python   5) What is d use of __init__=__main__: condition in python??   6) What is d type of *args and **kargs ??   7) sys.path use in python ??      2) CES Limited Python developer Interview Face2Face Interview questions:-   1.Basic questions on oops:     *.Implement Base class using Instance, static and Abstract method       instance method - takes two arguments to add operation       static method - takes two args to multiply operation       abstract method - takes two args to div operation     *. Implement child class using 3 instance methods       instance - takes three args for add operation       instance - takes two args for multiplicatio operation       instance - takes two args for div opration       create a 








Read more