Password-less authentication

Imagine you have 100 Linux servers to manage. Typing in a password each time you log in to a server would be a nightmare. Hence, most system administrators set up password-less authentication on Linux servers.

It is always a good practice to set up SSH keys for authentication, which is also known as password-less authentication.

How does password-less authentication work?

Say you have hundreds of Linux servers. You set up a jump server, and from there you can log in to any of the servers without a password.

What you basically do is take the public key of the jump server and add it to the production server. Then, whenever you run ssh server-production, you won't be asked for a password.

How to set up password-less authentication?

In our example below, server-a is our jump server and server-b is our production server. So we will be able to log in from server-a to server-b without being asked for a password.

1. Log in to server-a and generate SSH keys using the ssh-keygen command:

[root@server-a /]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/justgeek/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/justgeek/.ssh/id_rsa.
Your public key has been saved in /home/justgeek/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@server
The key's randomart image is:
+---[RSA 2048]----+
|    .      ..oo..|
|   . . .  . .o.X.|
|    . . o.  ..+ B|
|   .   o.o  .+ ..|
|    ..o.S   o..  |
|   . %o=      .  |
|    @.B...     . |
|   o.=. o. . .  .|
|    .oo  E. . .. |
+----[SHA256]-----+

So we have successfully generated the keys. Now we need to copy the public key to our production server, which is server-b in this example.

2. SSH to server-b using the normal authentication method.

Now append the key in /home/justgeek/.ssh/id_rsa.pub on server-a to the file /home/justgeek/.ssh/authorized_keys on server-b.

/home/justgeek/.ssh/authorized_keys on server-b will look something like this.

[root@server-b]$ cat /home/justgeek/.ssh/authorized_keys
ssh-rsa QFSJZPPFWWFa4sLrqXPNyY2gJWtef7ZBYFEc19sl6BjnhwMMRnBrcGX1JBlm3fWW8+DwmwrG73LEomYk5KZNKV1nCNjwhLCanmmZwv8R6TIOrMASV4aOIFvVWgYDlKfQsmqZFKQm2H5Pem7qUGdJ962I9ZeC8pqPwYPR2YMrWiffMBlBXfqhfjiZlxyhuPeBr2YwPEyPoJ1iSdMarG3HgbCTkcfYHn4L9RMLvN4wrgkN3n1b8ArR3JV7kg0IIvxAAYlTQaZtl0f70yLSSO0SI1ZTQryPC0hWCS5Uz5T12YtEC85ymYhA\4vOnKebfXhuCsiGiCY5zVWNfXBNdXcXyeUrqV9HyKtjHdpcH6iB7MNSiIRn5F74== justgeek@server-a

Note: The key shown above is just an example; it's not a real key 🙂

If you don't want to copy the key manually, you can use a simple command to copy the key to server-b:

[root@server-a /]# ssh-copy-id justgeek@server-b
justgeek@server-b's password:
X11 forwarding request failed on channel 0

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'server-b'"
and check to make sure that only the key(s) you wanted were added.

You are all set! Now just run ssh justgeek@server-b from server-a and you won't ever be asked for the password.

This is more secure than using a password. Also, you should consider disabling direct root login to the server.
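
When the key is appended by hand as in step 2, sshd can keep asking for a password if .ssh or authorized_keys is writable by other users (its StrictModes check, on by default), and it is easy to paste the wrong file. The shell function below is an added example, not part of the original article: it accepts only a public-key line, sets the modes, and appends the key once. The function name add_authorized_key and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: install a public key into authorized_keys by hand, safely.
# Usage: add_authorized_key <pubkey-file> <ssh-dir>
# Returns 0 = installed or already present, 1 = I/O problem, 2 = not a public key.
add_authorized_key() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"
    [ -r "$pubkey_file" ] || return 1

    # A .pub file holds one line: "<type> <base64 blob> [comment]".
    ktype='' kdata='' kcomment=''
    read -r ktype kdata kcomment < "$pubkey_file" || [ -n "$ktype" ] || return 2

    # Accept common key types only; this also refuses the private key
    # id_rsa, whose first line starts with "-----BEGIN".
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) return 2 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) return 2 ;;
    esac

    # sshd's StrictModes check (on by default) rejects key files and
    # directories that other users can write to, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when this key blob is not already listed.
    if ! grep -qF -- "$kdata" "$auth_file"; then
        printf '%s\n' "$ktype $kdata${kcomment:+ $kcomment}" >> "$auth_file"
    fi
}

# Demo in a scratch directory with a constructed (not real) key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLE justgeek@server-a' > "$demo/id_rsa.pub"
add_authorized_key "$demo/id_rsa.pub" "$demo/.ssh"
add_authorized_key "$demo/id_rsa.pub" "$demo/.ssh"   # second call adds nothing
ls -ld "$demo/.ssh" "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On server-b, run it as the justgeek user with the copied id_rsa.pub and /home/justgeek/.ssh as arguments, so the files are also owned by the account that logs in.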