Question
You have to create a password less ssh connection between 3 Linux box for non root user i.e a normal user user1.
Pre-requisites
User user1 should exist on all the 3 Linux box
Server details
server1.example
IP 192.168.1.6
server2.example
IP 192.168.1.11
server3.example
IP 192.168.1.12
Making password less connection from server1
On server 1
Login as user1[user1@server1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
Enter same passphrase again: [Press ENTER for EMPTY password]
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
81:bf:d5:03:3f:a1:a4:81:27:b5:61:e4:e6:17:b9:a0 user1@server1.example
The key's randomart image is:
+--[ RSA 2048]----+
| .= |
| * o . |
| + O = . |
| B * B . |
| E S = = |
| + o |
| . |
| |
| |
+-----------------+
With the above command we have created a pair of public and private key using RSA type authentication.
Click the link to know more about RSA and DSA type of authentication
Now to create a password less ssh connection we need to copy id_rsa.pub to the remote server i.e server2 and server3
[user1@server1 ~]$ ssh-copy-id user1@server2
The authenticity of host 'server2 (192.168.1.11)' can't be established.
RSA key fingerprint is de:75:8a:ff:26:1b:b5:82:61:36:9c:44:d2:57:3c:9e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2,192.168.1.11' (RSA) to the list of known hosts.
user1@server2's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server2'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[user1@server1 ~]$ ssh-copy-id user1@server3
The authenticity of host 'server3 (192.168.1.12)' can't be established.
RSA key fingerprint is 98:61:fb:91:8b:10:29:e1:b2:db:fd:52:6d:79:d7:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server3,192.168.1.12' (RSA) to the list of known hosts.
user1@server3's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server3'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.NOTE: Make sure the permission on authorized_keys is 600
Using the above steps we have successfully created a password less authentication from
server 1 ------> server 3
Making password less connection from Server 2
On server 2
Login as user1[user1@server2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
Enter same passphrase again: [Press ENTER for EMPTY password]
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
8f:0d:bc:8c:fc:d1:38:1a:b3:be:7a:8d:fc:8d:0d:1e user1@server2.example
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| . |
| S |
| . o O |
| .=oE + |
| +B.O |
| .+=o= o |
+-----------------+
Now to create a password less ssh connection we need to copy id_rsa.pub to the remote server i.e server 1 and server 3
[user1@server2 ~]$ ssh-copy-id user1@server1
The authenticity of host 'server1 (192.168.1.6)' can't be established.
RSA key fingerprint is b8:36:c1:38:01:db:cc:89:b1:a9:b8:f7:f7:a8:17:ef.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server1,192.168.1.6' (RSA) to the list of known hosts.
user1@server1's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server1'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[user1@server2 ~]$ ssh-copy-id user1@server3
The authenticity of host 'server3 (192.168.1.12)' can't be established.
RSA key fingerprint is 98:61:fb:91:8b:10:29:e1:b2:db:fd:52:6d:79:d7:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server3,192.168.1.12' (RSA) to the list of known hosts.
user1@server3's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server3'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Using the above steps we have successfully created a password less authentication from
server 2 ------> server 3
[user1@server3 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): [Press ENTER for EMPTY password]
Enter same passphrase again: [Press ENTER for EMPTY password]
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
5b:99:c5:84:02:fd:ea:95:b7:51:2e:e3:28:f3:9d:9d user1@server3.example
Now to create a password less ssh connection we need to copy id_rsa.pub to the remote server i.e server 1 and server 2
[user1@server3 ~]$ ssh-copy-id user1@server1
The authenticity of host 'server1 (192.168.1.6)' can't be established.
RSA key fingerprint is b8:36:c1:38:01:db:cc:89:b1:a9:b8:f7:f7:a8:17:ef.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server1,192.168.1.6' (RSA) to the list of known hosts.
user1@server1's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server1'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[user1@server3 ~]$ ssh-copy-id user1@server2
The authenticity of host 'server2 (192.168.1.11)' can't be established.
RSA key fingerprint is de:75:8a:ff:26:1b:b5:82:61:36:9c:44:d2:57:3c:9e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2,192.168.1.11' (RSA) to the list of known hosts.
user1@server2's password: [Give password for user1]
Now try logging into the machine, with "ssh 'user1@server2'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Using the above steps we have successfully created a password less authentication from
server 3 ------> server 1
server 3 ------> server 2
|
IMPORTANT NOTE:
|
|
For creating password less ssh authentication between multiple Linux machine using normal users make sure the two permissions are implemented or else the password less ssh authentication won't work
Permission 600 on authorized_keys file and
Permission 700 on .ssh directory
|
Related Articles
How to give normal user root privileges using sudo in Linux/Unix
How to create user without useradd command in Linux
How to give permission to user to run some commands in Linux
6 commands to list the logged in users
Suppose we are going to create 100 connection for that we have to processed same thing. Or is their any different way also.
There is no other way, you will have to copy all the public keys to all the remote servers "authorized_keys" file
Thanks
Deepak
I am getting error while executing this command:
ssh-copy-id root@master
and the error is:
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@master's password:
Permission denied, please try again.
root@master's password:
How should I resolve this problem??
Are you trying to copy the key as a normal user into the root account of the master server?
As you need to be root yourself to copy the key into client's root home directory
can any one send me the answer for
what is kernel patching in brief
how to upgrade kernel send me answer plz urgent
okay
kernel patching and kernel upgrading are two different things
Kernel patching is done mostly by the vendor developers like RedHat, Debian, SuSE's internal engineers will patch the kernel as an when a bug is reported and release a new kernel version.
As an end user we only upgrade the kernel
Follow below article for how to
golinuxhub.com/2012/08/upgrading-kernel.html
How can I set from root of one server to the non-root user of client computer.
copy the pubkey generated by root user to the authorized_keys file of non-root user.
I have been trying to do this on Ubuntu 20.04 but no matter how or what process I do, it continues to ask for a password. What are things to look for to stop it from asking for the user password?
Sorry if this comment is on such an old post, but I believe the process is the same.
I create the keys on server_1 under the user I want to use.
I copy the public key to server_2 and into the ~/.ssh/authorized_keys file
I have tried changing the permissions on server_2 to 700 for the .ssh directory and I have set the permissions to 640 for the ~/.ssh/authorized_keys file, but it still asks for a password every time I attempt the RSYNC command.