Friday, April 1, 2011

SSH without password

To ssh to a server without a password, the following conditions must be met.

  1. The connecting user MUST have a key pair generated by ssh-keygen.
  2. The connecting user's public key must be stored in $HOME/.ssh/authorized_keys in the home directory of the account being connected to.
  3. The file permission of $HOME/.ssh/authorized_keys must be 644, i.e. rw-r--r--.
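
Condition 3 comes from sshd's StrictModes check, which ignores authorized_keys when the file or ~/.ssh is writable by group or others. The script below is an added example, not part of the original post: it audits a ~/.ssh directory for that condition and for exposed private keys, using a constructed temporary directory with the 664 mode that `cat >> authorized_keys` leaves in the listings further down; `mode_of`, `audit_ssh_dir` and `demo_tree` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit one account's ~/.ssh.

# mode_of PATH: print octal permission bits, e.g. 644 (GNU stat, then BSD stat)
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_ssh_dir DIR: print one finding per line; return 1 if any were found
audit_ssh_dir() {
    dir=$1; bad=0
    # sshd (StrictModes yes, the default) ignores authorized_keys when the file
    # or a directory above it is writable by group or others (the 022 bits).
    # This checks the file and ~/.ssh itself.
    for p in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "MISSING $p"; bad=1; continue; fi
        m=$(mode_of "$p")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "GROUP-OR-WORLD-WRITABLE $m $p"; bad=1
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        m=$(mode_of "$key")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "PRIVATE-KEY-EXPOSED $m $key"; bad=1
        fi
    done
    return "$bad"
}

# demo_tree: constructed ~/.ssh in a temp dir, reproducing the mode 664 that
# `cat ... >> authorized_keys` leaves behind in the walkthrough.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/.ssh" && chmod 700 "$t/.ssh"
    : > "$t/.ssh/authorized_keys"; chmod 664 "$t/.ssh/authorized_keys"
    : > "$t/.ssh/ezpgp207.sync";   chmod 600 "$t/.ssh/ezpgp207.sync"
    : > "$t/.ssh/ezpgp207.sync.pub"
    echo "$t/.ssh"
}

d=$(demo_tree)
audit_ssh_dir "$d" || echo "fix the findings above, e.g. chmod 644 authorized_keys"
rm -rf "${d%/.ssh}"
```

To audit a real account, call `audit_ssh_dir "$HOME/.ssh"` instead of the demo lines at the bottom.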

 

In the example below, we have an ezpgp account on both ezpgp207 and ezpgp208.
We will let ezpgp@ezpgp207 ssh to ezpgp@ezpgp208 without a password, and vice versa.

First, we will use ssh-keygen to generate an RSA key pair in $HOME/.ssh/ on both servers.
If /home/ezpgp/.ssh does not exist, create it and change the directory permission to 700, i.e. rwx------.

[ezpgp@ezpgp207 ~]$ mkdir .ssh
[ezpgp@ezpgp207 ~]$ chmod 700 .ssh

The key will be named $HOSTNAME.sync, and we do not set a passphrase on the private key.

[ezpgp@ezpgp207 ~]$ cd .ssh
[ezpgp@ezpgp207 .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ezpgp/.ssh/id_rsa): ezpgp207.sync
Enter passphrase (empty for no passphrase):  <== Don't give password, just Enter
Enter same passphrase again:                         <== Enter again
Your identification has been saved in ezpgp207.sync.     <== private key
Your public key has been saved in ezpgp207.sync.pub      <== public key
The key fingerprint is:
49:da:eb:ae:46:1d:cb:29:84:f7:59:f2:de:77:24:9a ezpgp@ezpgp207.speed-ssl.com
[ezpgp@ezpgp207 .ssh]$ ll
total 12
-rw------- 1 ezpgp ezpgp 1675 Mar 31 20:11 ezpgp207.sync
-rw-r--r-- 1 ezpgp ezpgp  410 Mar 31 20:11 ezpgp207.sync.pub
-rw-r--r-- 1 ezpgp ezpgp  404 Mar 31 18:40 known_hosts

 

Generate the key on ezpgp208

[ezpgp@ezpgp208 ~]$ cd .ssh
[ezpgp@ezpgp208 .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ezpgp/.ssh/id_rsa): ezpgp208.sync
Enter passphrase (empty for no passphrase):  <== Don't give password, just Enter
Enter same passphrase again:                         <== Enter again
Your identification has been saved in ezpgp208.sync.     <== private key
Your public key has been saved in ezpgp208.sync.pub      <== public key
The key fingerprint is:
15:39:01:b1:13:6c:07:21:df:c0:f4:1a:08:f1:6a:a4 ezpgp@ezpgp208.speed-ssl.com
[ezpgp@ezpgp208 .ssh]$ ll
total 12
-rw------- 1 ezpgp ezpgp 1671 Mar 31 20:20 ezpgp208.sync
-rw-r--r-- 1 ezpgp ezpgp  410 Mar 31 20:20 ezpgp208.sync.pub
-rw-r--r-- 1 ezpgp ezpgp  404 Mar 31 15:27 known_hosts

 

On ezpgp207, send ezpgp207.sync.pub to ezpgp208

[ezpgp@ezpgp207 .ssh]$ scp ezpgp207.sync.pub ezpgp@ezpgp208:~
ezpgp@ezpgp208's password:
ezpgp207.sync.pub                                                       100%  410     0.4KB/s   00:00

 

On ezpgp208, import ezpgp207.sync.pub into .ssh/authorized_keys

[ezpgp@ezpgp208 .ssh]$ ll ~
total 4
-rw-r--r-- 1 ezpgp ezpgp 410 Mar 31 20:25 ezpgp207.sync.pub
[ezpgp@ezpgp208 .ssh]$ cat ~/ezpgp207.sync.pub >> authorized_keys
[ezpgp@ezpgp208 .ssh]$ ll
total 16
-rw-rw-r-- 1 ezpgp ezpgp  410  Mar 31 20:26 authorized_keys
-rw------- 1 ezpgp ezpgp 1671  Mar 31 20:20 ezpgp208.sync
-rw-r--r-- 1 ezpgp ezpgp  410   Mar 31 20:20 ezpgp208.sync.pub
-rw-r--r-- 1 ezpgp ezpgp  404   Mar 31 15:27 known_hosts

 

On ezpgp208, send ezpgp208.sync.pub to ezpgp207

[ezpgp@ezpgp208 .ssh]$ scp ezpgp208.sync.pub ezpgp@ezpgp207:~
ezpgp@ezpgp207's password:
ezpgp208.sync.pub                                                       100%  410     0.4KB/s   00:00

 

On ezpgp207, import ezpgp208.sync.pub into .ssh/authorized_keys

[ezpgp@ezpgp207 .ssh]$ ll ~
total 4
-rw-r--r-- 1 ezpgp ezpgp 410 Mar 31 20:31 ezpgp208.sync.pub
[ezpgp@ezpgp207 .ssh]$ cat ~/ezpgp208.sync.pub >> authorized_keys
[ezpgp@ezpgp207 .ssh]$ ll
total 16
-rw-rw-r-- 1 ezpgp ezpgp  410  Mar 31 20:34 authorized_keys
-rw------- 1 ezpgp ezpgp 1675  Mar 31 20:11 ezpgp207.sync
-rw-r--r-- 1 ezpgp ezpgp  410   Mar 31 20:11 ezpgp207.sync.pub
-rw-r--r-- 1 ezpgp ezpgp  404   Mar 31 18:40 known_hosts

 

Change the file permission of authorized_keys to 644 on ezpgp207

[ezpgp@ezpgp207 .ssh]$ chmod 644 authorized_keys
[ezpgp@ezpgp207 .ssh]$ ll
total 16
-rw-r--r-- 1 ezpgp ezpgp  410 Mar 31 20:34 authorized_keys
-rw------- 1 ezpgp ezpgp 1675 Mar 31 20:11 ezpgp207.sync
-rw-r--r-- 1 ezpgp ezpgp  410 Mar 31 20:11 ezpgp207.sync.pub
-rw-r--r-- 1 ezpgp ezpgp  404 Mar 31 18:40 known_hosts

 

Change the file permission of authorized_keys to 644 on ezpgp208

[ezpgp@ezpgp208 .ssh]$ chmod 644 authorized_keys
[ezpgp@ezpgp208 .ssh]$ ll
total 16
-rw-r--r-- 1 ezpgp ezpgp  410 Mar 31 20:26 authorized_keys
-rw------- 1 ezpgp ezpgp 1671 Mar 31 20:20 ezpgp208.sync
-rw-r--r-- 1 ezpgp ezpgp  410 Mar 31 20:20 ezpgp208.sync.pub
-rw-r--r-- 1 ezpgp ezpgp  404 Mar 31 15:27 known_hosts

 

Now ssh from ezpgp207 to ezpgp208

[ezpgp@ezpgp207 .ssh]$ ssh -i ezpgp207.sync ezpgp@ezpgp208
Last login: Thu Mar 31 20:38:13 2011 from ezpgp207.speed-ssl.com
[ezpgp@ezpgp208 ~]$

 

Then ssh from ezpgp208 to ezpgp207

[ezpgp@ezpgp208 .ssh]$ ssh -i ./ezpgp208.sync ezpgp@ezpgp207
Last login: Thu Mar 31 19:52:46 2011 from ezpgp208.speed-ssl.com
[ezpgp@ezpgp207 ~]$

Copy ezpgp207.sync to /opt/ezpgp/cmds/ on the ezpgp207 server

[ezpgp@ezpgp207 .ssh]$ cp ezpgp207.sync /opt/ezpgp/cmds

Copy ezpgp208.sync to /opt/ezpgp/cmds/ on the ezpgp208 server

[ezpgp@ezpgp208 .ssh]$ cp ezpgp208.sync /opt/ezpgp/cmds
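
The private keys above have no passphrase and a copy sits in /opt/ezpgp/cmds, so the authorized_keys entry on the peer is the place to limit what a copied key can do. The script below is an added example, not part of the original post: it appends a public key with a from= source restriction and forwarding disabled, and skips keys that are already present; the function names, the key text and the address 192.0.2.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: append a peer's public key to
# authorized_keys with source and forwarding restrictions, idempotently.

# restricted_line PUBKEY_FILE FROM_PATTERN: print the authorized_keys entry
restricted_line() {
    opts="from=\"$2\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding"
    # A .pub file is one line: "<type> <base64-blob> [comment]"
    printf '%s %s\n' "$opts" "$(head -n 1 "$1")"
}

# install_key AUTH_FILE PUBKEY_FILE FROM_PATTERN
# returns 0 if added, 2 if already present, 1 if the .pub file is malformed
install_key() {
    auth=$1; pub=$2; from=$3
    blob=$(awk 'NR==1 {print $2}' "$pub")
    [ -n "$blob" ] || return 1
    # Create the file owner-only so it never passes through mode 664.
    ( umask 077; touch "$auth" )
    # Match on the key blob so a re-run does not add a duplicate entry.
    if grep -qF -- "$blob" "$auth"; then return 2; fi
    restricted_line "$pub" "$from" >> "$auth"
    # Clear group/other write on a pre-existing file (664 becomes 644).
    chmod go-w "$auth"
}

# demo: constructed key text (not a real key) and a documentation-range
# address. With "UseDNS no" in sshd_config, from= matches addresses only,
# so an address is used here rather than a host name.
demo() {
    t=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED ezpgp@ezpgp207" \
        > "$t/ezpgp207.sync.pub"
    install_key "$t/authorized_keys" "$t/ezpgp207.sync.pub" "192.0.2.7" || return 1
    echo "$t"
}

d=$(demo) && { cat "$d/authorized_keys"; rm -rf "$d"; }
```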