EZ SSH Key Exchange

Written By: Mel Lester Jr. - Nov 18, 13

Lately, I’ve been replacing noisy, power-hungry rack-mounted Solaris and Linux servers with Linux virtual machines (VMs) hosted on quiet, fan-less Mac Mini servers that hardly draw any power or generate any heat.  The server running this blog is an example.  I keep the latest snapshot on a USB memory stick and can easily move the VM to another host if necessary.

Still, there remains the need to automate a number of daily administrative tasks, like backups and data synchronization among the various physical and virtual servers during the off hours.  For this, I rely on the UNIX utility, cron, to schedule a series of  nightly batch shell scripts to update, compress and archive critical files or even entire file systems.  Because many of these tasks may involve several servers, a non-interactive method of account authentication has to be employed.  For this, I use SSH Key Exchange.

SSH encryption is a complex subject and setting up automatic key exchanges isn’t something I do all that often, so while the subject is fresh in my mind, here is a simple checklist for setting up an SSH Key Exchange and several links to resources I have found to be helpful:

  1. In the home directory of the account of the user you will be connecting from, check for the existence of a sub-directory named .ssh (note the ‘dot’ which, when used to begin a file or directory name, will hide it from a normal UNIX ‘ls’ directory command; use ‘ls -a’ instead to show entries beginning with a dot).  If you find the .ssh sub-directory, skip to step 3.
  2. From the home directory and command line of the account of the user you will be connecting from, enter the following command. Keep pressing the enter or return key when asked for a pass-phrase and to accept all the defaults:
    • ssh-keygen -t rsa
  3. There should be a ‘hidden’ sub-directory called .ssh that has, among other things, a file named id_rsa.pub that you need to copy to the home directory of the user on the system you will be connecting to.  How you get a copy of the id_rsa.pub file there is up to you; you may use a file transfer program or something like a flash drive, for example.  If you can’t find a file called id_rsa.pub, go back to step 2.
  4. Once you have a copy of the id_rsa.pub file in the home directory of the user account you are going to, look for a hidden .ssh directory.  If it doesn’t exist, create it from the command line using the following command:
    • mkdir .ssh; chmod 0700 .ssh
  5. Finally, from the same home directory of the user account you are going to, enter the following command:
    • Linux Systems:
      • cat id_rsa.pub >> .ssh/authorized_keys2; rm -f id_rsa.pub
    • Mac OS X:
      • cat id_rsa.pub >> .ssh/authorized_keys; rm -f id_rsa.pub

That should do it.  Go back to the user account on the system you want to authorize from and test.  You may be asked to add the system to which you are connecting to the known hosts.  If so, go ahead; this is usually a one-time deal and shouldn’t happen again unless something significant changes.  Now you should be able to log in or transfer files over an encrypted connection without using a password.
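Steps 4 and 5 on the target account can be wrapped in one re-runnable shell function; this is an added example, not part of the original post. It assumes the public key file written by ssh-keygen (id_rsa.pub) has already been copied over; the function name install_pubkey and the AUTH_FILE variable are hypothetical, and the optional third argument is prepended as authorized_keys options, which matters because the key from step 2 has no pass-phrase.

```shell
#!/bin/sh
# Added example: steps 4 and 5 as one re-runnable function.
# usage: install_pubkey PUBKEY_FILE [TARGET_HOME] [KEY_OPTIONS]
#   e.g. install_pubkey id_rsa.pub "$HOME" 'no-pty,no-port-forwarding'
# AUTH_FILE (hypothetical variable) overrides the file name, e.g.
# AUTH_FILE=authorized_keys2 to match the Linux command in step 5.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    opts=${3:-}
    dir=$home/.ssh
    auth=$dir/${AUTH_FILE:-authorized_keys}

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Catch the mistake of copying id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; it must stay on the source host" >&2
        return 2
    fi

    # A public key line is: key type, base64 blob, optional comment.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }
    blob=$(printf '%s\n' "$key" | cut -d' ' -f2)

    # sshd's StrictModes check rejects keys when the directory or file
    # is writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 0700 "$dir" || return 4
    touch "$auth" && chmod 0600 "$auth" || return 4

    # Append only when the blob is not already present, so running the
    # function twice does not create duplicate entries.
    if ! grep -qF -e "$blob" "$auth"; then
        printf '%s\n' "${opts:+$opts }$key" >> "$auth"
    fi
    rm -f "$pub"   # same cleanup as step 5
}
```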

Three write-ups I have found useful in the past and relied on for this post are:
