How to set up SSH key-based authentication

In an automated IT world, password-based authentication is not a good choice, and it restricts many capabilities. For SSH access, you can easily configure SSH key-based authentication, which is easy to set up and very useful for quick server access. This method is also more secure than password-based access, since authentication uses a private and public key pair.

Warning: Make sure you keep all your private keys in a secure place.

On your Workstation/Jumpserver

Generate SSH keys

On your working host (such as an Ansible control node or your jumphost server), create the SSH key pair.

[[email protected] ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/devops/.ssh/id_rsa):
Created directory '/home/devops/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/devops/.ssh/id_rsa.
Your public key has been saved in /home/devops/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mmSZGlQS9uN1NslXAOLiF70xHRWnfwtL2Asx3nHskYU [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| +.. . ..oo+oo|
| . + . + o oEoo|
| . + + Xoo..= |
| . o * +.** +..|
| . B S .+ = .o|
| = + o + o|
| . o o . |
| |
| |
+----[SHA256]-----+

You can also specify the key type and length as below:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Check the generated private key and public key files.

[[email protected] ansible]$ cd ~/.ssh/
You have new mail in /var/spool/mail/root
[[email protected] .ssh]$ ls -lrta
total 12
-rw-r--r--. 1 devops devops 400 Jun 11 06:46 id_rsa.pub
-rw-------. 1 devops devops 1675 Jun 11 06:46 id_rsa
drwx------. 4 devops devops 110 Jun 11 06:46 ..
-rw-r--r--. 1 devops devops 186 Jun 11 06:55 known_hosts
drwx------. 2 devops devops 57 Jun 11 06:56 .

Make sure the permissions on your files are as shown above; 600 for private keys.
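The permission check above can be scripted so it is repeatable on every workstation or jumphost. This is an added example, not part of the original post; the function name audit_ssh_dir is hypothetical and it assumes GNU stat (Linux).

```shell
#!/usr/bin/env bash
# Added example: audit an SSH directory for the permissions shown in the
# listing above (directory 700, private keys 600).
# audit_ssh_dir is a hypothetical helper name; requires GNU stat.

# Prints one "FAIL ..." line per problem; returns 1 if any problem was found.
audit_ssh_dir() {
    local dir="${1:-$HOME/.ssh}"
    local rc=0 mode f

    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi

    # The directory must grant nothing to group or others (e.g. 700).
    mode=$(stat -c '%a' "$dir")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode, expected 700"
        rc=1
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Detect private keys by their header line, not by file name, so
        # keys saved under a custom name are covered as well.
        if head -n 1 "$f" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
            mode=$(stat -c '%a' "$f")
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                echo "FAIL $f: private key mode $mode, expected 600"
                rc=1
            fi
        fi
    done
    return $rc
}

# Usage: audit_ssh_dir ~/.ssh
```

A non-zero return status makes the function usable as a gate in provisioning scripts or scheduled checks.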

On your nodes

Now you need to add the public key to the nodes you want to manage or access from your workstation. For the first-time setup, I am enabling PasswordAuthentication in the /etc/ssh/sshd_config file. Please note that you have to do this on the node you want to manage.

PasswordAuthentication yes

And restart the sshd service:

systemctl restart sshd

On your Workstation/Jumpserver

Come back to the workstation/jumphost and copy the public key to these machines. You can copy the public key to ~/.ssh/authorized_keys manually, but the correct way is to use the ssh-copy-id command.

[[email protected] ansible]$ ssh-copy-id -i ~/.ssh/id_rsa [email protected]
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/devops/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added

Now we will try to log in to ansible-node1 as below.

[[email protected] .ssh]$ ssh [email protected]
Last login: Mon Jun 11 10:02:23 2018
[[email protected] ~]$

As you can see, ansible-node1 didn't ask me for a password, since the devops user has already been authenticated using its SSH key.

If you have multiple keys for multiple projects or server groups, you can specify which SSH key to use for the connection.

[[email protected] .ssh]$ ssh [email protected] -i ~/.ssh/id_rsa
Last login: Mon Jun 11 10:05:07 2018 from ansible-box.c.devops-angel.internal

Again, please make sure your private key files are stored in a safe and secure place with restricted access.

Read more about ssh keys : SSH Key and Configurations

Gini Gangadharan

Gineesh Madapparambath | Backpacker, Foodie, Techie | techbeatly.com|rovervibes.com
