Setting up Public/Private Keys Between Servers
This guide will help you set up public/private keys between two Linux servers for SSH authentication.
This will allow you to connect (SSH) from one server to the other without manually authenticating. This is important for setting up things like backups via rsync.
This guide sets up authentication in one direction, from System A to System B. In many cases this is all you will want, but if you want authentication in both directions, simply follow this guide twice, the second time reversing the systems.
Step 1 - Create public and private keys
Log in to System A as unpriv_userA and check whether you already have a public/private key pair: stat ~/.ssh/id_rsa. If this returns stat: cannot stat ... : No such file or directory, you will need to create a public/private key pair.
If the stat returns data about the file, continue with Step 2.
Create public/private key pair
System A - 192.168.0.1 | |
To create the key pair enter ssh-keygen -t rsa | ssh-keygen -t rsa |
Generating public/private rsa key pair. | |
You will be prompted for a path to save the key - this should default to /home/unpriv_userA/.ssh/id_rsa. Press Enter | Enter file in which to save the key (/home/unpriv_userA/.ssh/id_rsa): Enter |
You will be prompted for a passphrase - for our purposes we don't want one. Press Enter twice | Enter passphrase (empty for no passphrase): Enter |
 | Enter same passphrase again: Enter |
You should see something similar to this | The key's randomart image is: |

    +--[ RSA 2048]----+
    |                 |
    |                 |
    | E . .           |
    | o . o           |
    | . + S o         |
    | . + = * =       |
    | . o o B = +     |
    | = . = .         |
    | . o o           |
    +-----------------+

Step 2 - Transfer Public Key
Still on System A, transfer the public key to System B.
System A - 192.168.0.1 | |
To transfer the key enter scp ~/.ssh/id_rsa.pub unpriv_userB@192.168.0.2:key-transfer.pub | scp ~/.ssh/id_rsa.pub unpriv_userB@192.168.0.2:key-transfer.pub |
You will be prompted for the password, enter it and press Enter | unpriv_userB@192.168.0.2's password:password Enter |
The key should be transferred | id_rsa.pub 100% 397 0.4KB/s 00:00 |
Step 3 - Add public key to authorized_keys
Log in to System B as unpriv_userB and append the transferred key to the end of the authorized_keys file.
System B - 192.168.0.2 | |
Make sure the .ssh folder exists for this user: mkdir -m 700 -p ~/.ssh | mkdir -m 700 -p ~/.ssh |
To append the key, type cat ~/key-transfer.pub >> ~/.ssh/authorized_keys | cat ~/key-transfer.pub >> ~/.ssh/authorized_keys |
Clean up with rm ~/key-transfer.pub | rm ~/key-transfer.pub |
Step 4 - Test
Back on System A as unpriv_userA you should now be able to connect to System B as unpriv_userB. You can test this by simply connecting with SSH.
System A - 192.168.0.1 | |
To test type ssh unpriv_userB@192.168.0.2 | ssh unpriv_userB@192.168.0.2 |
If successful, you will not be prompted for a password and you will see the bash prompt of System B | |
Step 5 - Automated Process
Depending on how many servers you need to set up key authentication on, it may be sensible to create a script. The following script is not completely silent but should speed up the process.
Copy the script below into a file (vi ~/share_keys.sh), make it executable with chmod +x ~/share_keys.sh, and execute it with ~/share_keys.sh.

    #!/bin/sh
    # Move to the user home directory.
    cd ~ || exit 1
    # Prompt the user for the target server (printf + read, because read -p is not available in every /bin/sh).
    printf 'Enter server address :'; read -r TEMP_SERVER
    # Prompt the user for the username on the remote server.
    printf 'Enter server user :'; read -r TEMP_SERVER_USER
    # Create an RSA key if one doesn't already exist.
    stat ~/.ssh/id_rsa || ssh-keygen -t rsa
    # Make sure the .ssh folder exists on the target system.
    ssh "$TEMP_SERVER_USER@$TEMP_SERVER" mkdir -m 700 -p .ssh
    # Transfer the key and append it to the authorized_keys file.
    cat .ssh/id_rsa.pub | ssh "$TEMP_SERVER_USER@$TEMP_SERVER" 'cat >> .ssh/authorized_keys'

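
The append in Step 3 and Step 5 installs whatever was transferred, stacks duplicate entries when repeated, and leaves a passphrase-less key unrestricted. The following is an added example, not part of the original guide: a hypothetical helper, add_authorized_key, that checks the key file, fixes permissions, skips keys already installed, and can prefix key options such as from= and restrict.

```shell
#!/bin/sh
# Added example, not from the original guide. add_authorized_key is a
# hypothetical helper meant to be run on System B instead of `cat >>`.
# Usage: add_authorized_key PUBKEY_FILE [AUTHORIZED_KEYS_FILE] [KEY_OPTIONS]
add_authorized_key() {
    pub=$1
    auth=${2:-$HOME/.ssh/authorized_keys}
    opts=${3:-}

    # A .pub file holds exactly one key on one line; refuse anything else.
    if [ ! -f "$pub" ] || [ "$(wc -l < "$pub" | tr -d ' ')" -gt 1 ]; then
        echo "add_authorized_key: $pub is not a single-line key file" >&2
        return 2
    fi
    # Fields are: key type, base64 key blob, optional comment.
    read -r ktype kblob kcomment < "$pub" || true
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "add_authorized_key: unexpected key type" >&2; return 2 ;;
    esac
    case $kblob in
        ''|*[!A-Za-z0-9+/=]*)
            echo "add_authorized_key: key blob is not base64" >&2; return 2 ;;
    esac

    # sshd (StrictModes) rejects keys when these are writable by others.
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Re-running must not stack duplicate entries for the same key.
    if grep -qF -- "$kblob" "$auth"; then
        echo "add_authorized_key: key already present" >&2
        return 0
    fi
    # KEY_OPTIONS, when given, go in front of the key type.
    printf '%s%s %s%s\n' "${opts:+$opts }" "$ktype" "$kblob" \
        "${kcomment:+ $kcomment}" >> "$auth"
}

# On System B, after Step 2 (192.168.0.1 is System A in this guide;
# the restrict option needs OpenSSH 7.2 or later):
#   add_authorized_key ~/key-transfer.pub ~/.ssh/authorized_keys \
#       'from="192.168.0.1",restrict'
```

With from="192.168.0.1",restrict in front of the key, System B accepts it only from System A's address and without forwarding or a pty, which still allows the rsync backups mentioned at the start of the guide.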