
    Sunday, January 12, 2014

    How to create password less ssh connection for multiple non-root users

    I had done password-less ssh authentication between multiple Linux boxes a couple of times, but this time I had to do the same for a normal user. I thought it would be the same, and actually it is the same, but there are still a few things which we might miss out, and it becomes a bit complicated and confusing, as it did for me, so I thought I should give some tips.

    Question
    You have to create a password-less ssh connection between 3 Linux boxes for a non-root user, i.e. a normal user user1.

    Pre-requisites
    User user1 should exist on all 3 Linux boxes

    Server details
    server1.example
    IP 192.168.1.6

    server2.example
    IP 192.168.1.11

    server3.example
    IP 192.168.1.12


    Making password less connection from server1

    On server 1
    Login as user1
    [user1@server1 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user1/.ssh/id_rsa):
    Created directory '/home/user1/.ssh'.
    Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
    Enter same passphrase again: [Press ENTER for EMPTY password]
    Your identification has been saved in /home/user1/.ssh/id_rsa.
    Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
    The key fingerprint is:
    81:bf:d5:03:3f:a1:a4:81:27:b5:61:e4:e6:17:b9:a0 user1@server1.example
    The key's randomart image is:
    +--[ RSA 2048]----+
    |       .=        |
    |       * o .     |
    |      + O = .    |
    |       B * B .   |
    |      E S = =    |
    |         +   o   |
    |        .        |
    |                 |
    |                 |
    +-----------------+

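    With the above command we have created an RSA public/private key pair. Because the passphrase was left empty, the private key /home/user1/.ssh/id_rsa is stored unencrypted, so anyone who can read that file can log in as user1 on every server that trusts the matching public key.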


    Now to create a password-less ssh connection we need to copy id_rsa.pub to the remote servers, i.e. server2 and server3
    [user1@server1 ~]$ ssh-copy-id user1@server2
    The authenticity of host 'server2 (192.168.1.11)' can't be established.
    RSA key fingerprint is de:75:8a:ff:26:1b:b5:82:61:36:9c:44:d2:57:3c:9e.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'server2,192.168.1.11' (RSA) to the list of known hosts.
    user1@server2's password: [Give password for user1]
    Now try logging into the machine, with "ssh 'user1@server2'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [user1@server1 ~]$ ssh-copy-id user1@server3
    The authenticity of host 'server3 (192.168.1.12)' can't be established.
    RSA key fingerprint is 98:61:fb:91:8b:10:29:e1:b2:db:fd:52:6d:79:d7:1a.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'server3,192.168.1.12' (RSA) to the list of known hosts.
    user1@server3's password: [Give password for user1]
    Now try logging into the machine, with "ssh 'user1@server3'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.
    NOTE: Make sure the permission on authorized_keys is 600

    Using the above steps we have successfully created a password less authentication from
    server 1 ------> server 2
    server 1 ------> server 3

    Making password less connection from Server 2


    On server 2 
    Login as user1
    [user1@server2 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user1/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
    Enter same passphrase again: [Press ENTER for EMPTY password]
    Your identification has been saved in /home/user1/.ssh/id_rsa.
    Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
    The key fingerprint is:
    8f:0d:bc:8c:fc:d1:38:1a:b3:be:7a:8d:fc:8d:0d:1e user1@server2.example
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |                 |
    |                 |
    |       .         |
    |        S        |
    |     . o O       |
    |     .=oE +      |
    |      +B.O       |
    |    .+=o= o      |
    +-----------------+


    Now to create a password-less ssh connection we need to copy id_rsa.pub to the remote servers, i.e. server 1 and server 3
    [user1@server2 ~]$ ssh-copy-id user1@server1
    The authenticity of host 'server1 (192.168.1.6)' can't be established.
    RSA key fingerprint is b8:36:c1:38:01:db:cc:89:b1:a9:b8:f7:f7:a8:17:ef.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'server1,192.168.1.6' (RSA) to the list of known hosts.
    user1@server1's password: [Give password for user1]
    Now try logging into the machine, with "ssh 'user1@server1'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [user1@server2 ~]$ ssh-copy-id user1@server3
    The authenticity of host 'server3 (192.168.1.12)' can't be established.
    RSA key fingerprint is 98:61:fb:91:8b:10:29:e1:b2:db:fd:52:6d:79:d7:1a.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'server3,192.168.1.12' (RSA) to the list of known hosts.
    user1@server3's password: [Give password for user1]
    Now try logging into the machine, with "ssh 'user1@server3'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    Using the above steps we have successfully created a password less authentication from
    server 2 ------> server 1
    server 2 ------> server 3


    Making password less connection from Server 3

    On server 3
    Login as user1
    [user1@server3 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user1/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
    Enter same passphrase again: [Press ENTER for EMPTY password]
    Your identification has been saved in /home/user1/.ssh/id_rsa.
    Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
    The key fingerprint is:
    5b:99:c5:84:02:fd:ea:95:b7:51:2e:e3:28:f3:9d:9d user1@server3.example

    Now to create a password-less ssh connection we need to copy id_rsa.pub to the remote servers, i.e. server 1 and server 2
    [user1@server3 ~]$ ssh-copy-id user1@server1
    The authenticity of host 'server1 (192.168.1.6)' can't be established.
    RSA key fingerprint is b8:36:c1:38:01:db:cc:89:b1:a9:b8:f7:f7:a8:17:ef.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'server1,192.168.1.6' (RSA) to the list of known hosts.
    user1@server1's password: [Give password for user1]
    Now try logging into the machine, with "ssh 'user1@server1'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    [user1@server3 ~]$ ssh-copy-id user1@server2
    The authenticity of host 'server2 (192.168.1.11)' can't be established.
    RSA key fingerprint is de:75:8a:ff:26:1b:b5:82:61:36:9c:44:d2:57:3c:9e.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'server2,192.168.1.11' (RSA) to the list of known hosts.
    user1@server2's password: [Give password for user1]
    Now try logging into the machine, with "ssh 'user1@server2'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    Using the above steps we have successfully created a password less authentication from
    server 3 ------> server 1
    server 3 ------> server 2


    IMPORTANT NOTE:
    When setting up password-less ssh authentication between multiple Linux machines for normal users, make sure the following two permissions are set, or else the password-less ssh authentication won't work (sshd's StrictModes check refuses key files that other users can write to):
    Permission 600 on the authorized_keys file and
    Permission 700 on the .ssh directory
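
An added example, not part of the original post: a bash script that checks the two modes from the note above on a given .ssh directory, resets them, and lists the comment field of each authorized_keys entry so that keys you were not expecting (as the ssh-copy-id output asks you to check) stand out. It assumes GNU stat and that each key line ends with the user@host comment that ssh-keygen writes; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit the modes from the IMPORTANT NOTE and review installed keys.
# Assumes GNU stat (Linux); function names are illustrative, not from the post.

# check_ssh_perms DIR: print one finding per problem; return 0 only when
# DIR is mode 700 and DIR/authorized_keys is mode 600.
check_ssh_perms() {
    local dir=$1 keys=$1/authorized_keys rc=0 mode
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = 700 ] || { echo "BAD $dir mode=$mode want=700"; rc=1; }
    [ -f "$keys" ] || { echo "MISSING $keys"; return 1; }
    mode=$(stat -c '%a' "$keys")
    [ "$mode" = 600 ] || { echo "BAD $keys mode=$mode want=600"; rc=1; }
    return "$rc"
}

# fix_ssh_perms DIR: apply the two modes the post prescribes.
fix_ssh_perms() {
    chmod 700 "$1" && chmod 600 "$1/authorized_keys"
}

# list_key_comments DIR: print the trailing comment (user@host) of every key
# line, skipping blanks and '#' comments, so unexpected entries are visible.
list_key_comments() {
    awk '!/^[[:space:]]*#/ && NF { print $NF }' "$1/authorized_keys"
}

# Stand-alone use: ./ssh_audit.sh /home/user1/.ssh
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1" || echo "run: fix_ssh_perms $1"
    list_key_comments "$1"
fi
```

Run it as user1 on each of the three servers after the ssh-copy-id steps; each server should list exactly the two other hosts' keys.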


    7 comments:

    1. Suppose we are going to create 100 connections; for that, do we have to follow the same process? Or is there any different way also?

      1. There is no other way, you will have to copy all the public keys to all the remote servers "authorized_keys" file

        Thanks
        Deepak

    2. I am getting error while executing this command:
      ssh-copy-id root@master

      and the error is:

      /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
      /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
      root@master's password:
      Permission denied, please try again.
      root@master's password:


      How should I resolve this problem??

    3. Are you trying to copy the key as a normal user into the root account of the master server?

      As you need to be root yourself to copy the key into client's root home directory

    4. Can anyone send me the answer for:
      What is kernel patching, in brief?
      How to upgrade the kernel? Send me the answer please, urgent.

      1. Kernel patching and kernel upgrading are two different things.

        Kernel patching is done mostly by the vendor developers; RedHat, Debian and SuSE's internal engineers will patch the kernel as and when a bug is reported and release a new kernel version.

        As an end user we only upgrade the kernel

        Follow below article for how to
        http://www.golinuxhub.com/2012/08/upgrading-kernel.html
