Again we will try an issue where the terminal in text mode programs from the command line are the protagonists.
SSH without password
We will not address how to install SSH (client / server) in your machine. This should not be a problem in the distributions of today, and many of them installed this program by default. Before further assume that both the SSH client and server are installed and running on your computer. SSH (Security SHell) is a program that allows you to connect securely between machines that have this program installed (client and server). Among the many things that SSH provides the most important is that all traffic between two machines (including accounts and passwords) is encrypted. This avoids that important and confidential information from falling into the wrong hands if someone is 'listening' which travels over the network with a program 'packet sniffer'.
To connect to SSH as the user 'user', from a machine called 'server1' to another called 'server2', we can write the following in a terminal:
Normally you have to type the password when connecting to another server. This is not a problem as long as we are working interactively and can write the key, is not a big problem if we connect a few times. But if we want a machine to automatically connect to another to perform work, or we have to connect many times to different machines, having to write the key all the time ends up being a problem. This can be solved using what are called private and public keys.Code:[User @ server1] # ssh user @ server2 user @ server2's password: xxxxxxx Last login: Sun July 31 2010 15:46:02 [User @ server2] #
To build our public and private keys are going to use ssh-keygen program is part of SSH. Below is a example of how we can generate these keys:
In this example we have generated two keys, one private (/ home / ralf / .ssh / id_rsa) and a public (/ home / ralf / .ssh / id_rsa.pub) of RSA with 2048 bits in length. We used 'passphrase' to avoid having to type it every time you connect.Code:[Ralf @ server1] # ssh-keygen-t rsa Generating public / private rsa key pair. Enter file in Which to save the key (/ home / ralf / .ssh / id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has-been saved in / home / ralf / .ssh / id_rsa. Your public key has-been saved in / home / ralf / .ssh / id_rsa.pub. The key fingerprint is: 09: f7: 58: bc: 07:3 f: f4: 70:7 b: d7: ce: cb: 6b: 61: f8: 9c ralf @ server1
Before continuing, there are two very important things to consider with respect to the security of our systems when we use SSH without password:
- The first is that the private key should never be made public. We must be careful that nobody has access to your private key so as not to compromise the security of our system.
- The second is that, by not using 'passphrase' (empty), we must be sure that the server machine (master) from where we are going to connect to other servers, must be safe. We need to take extra care with this machine, because if someone gets unwanted access it as root, you will get access in turn (without password) to all other servers in our network. To increase system security, and if we do not need access to 'root', we can create a system user with restricted privileges, which may be used to access other servers.
Bookmarks