
How to implement passwordless SSH, SCP & SFTP

The following procedure implements passwordless SSH, SCP & SFTP. It was carried out on VMware machines.

Requirement: Two servers with Solaris OS (SPARC or x86)

Machines Detail:

In this scenario there are two VMware machines with Solaris 10 OS (x86).

First Machine Detail:

bash-3.00# hostname
sun1
bash-3.00#
bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
        inet 192.168.10.2 netmask ffffff00 broadcast 192.168.10.255
        ether 0:c:29:b9:f6:6b
bash-3.00#

Telnet, SSH and FTP are enabled.

Second Machine Detail:


bash-3.00# hostname
sun2
bash-3.00# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
        inet 192.168.10.6 netmask ffffff00 broadcast 192.168.10.255
        ether 0:c:29:4a:b2:54
bash-3.00#

Telnet, SSH and FTP are enabled.

Procedure:
Shivam Chawla | shivam.chawla@hotmail.com

This procedure describes how to make SSH, SCP & SFTP passwordless for a normal user. The same procedure also works for the root user.

On First Machine:

1. Login with root user.

2. Add one group.
bash-3.00# groupadd -g 301 group1

3. Add one user.


bash-3.00# useradd -u 100 -g group1 -d /export/home/user1 -m -s /bin/bash user1
64 blocks

4. Login with user1 and generate the SSH key pair with the ssh-keygen command. It creates a public key and a private key under the home directory of the user, which in this case is /export/home/user1.

-bash-3.00$ pwd
/export/home/user1
-bash-3.00$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/user1/.ssh/id_rsa): (Press Enter for default directory)
Created directory '/export/home/user1/.ssh'.
Enter passphrase (empty for no passphrase): (Press Enter for no passphrase)
Enter same passphrase again: (Press Enter)
Your identification has been saved in /export/home/user1/.ssh/id_rsa.
Your public key has been saved in /export/home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
ae:af:11:b8:9c:3e:27:62:ee:f5:86:8e:38:d5:c1:f0 user1@sun1
-bash-3.00$

5. Check whether the key is generated or not.


-bash-3.00$ ls -latr
total 16
drwxr-xr-x   4 root     root         512 Jun  9 12:29 ..
-rw-r--r--   1 user1    group1       144 Jun  9 12:29 .profile
-rw-r--r--   1 user1    group1       136 Jun  9 12:29 local.cshrc
-rw-r--r--   1 user1    group1       157 Jun  9 12:29 local.login
-rw-r--r--   1 user1    group1       174 Jun  9 12:29 local.profile
-rw-------   1 user1    group1         9 Jun  9 12:39 .bash_history
drwxr-xr-x   3 user1    group1       512 Jun  9 12:45 .
drwx------   2 user1    group1       512 Jun  9 12:45 .ssh
-bash-3.00$ cd .ssh/
-bash-3.00$ ls -latr
total 8
drwxr-xr-x   3 user1    group1       512 Jun  9 12:45 ..
-rw-------   1 user1    group1       887 Jun  9 12:45 id_rsa
drwx------   2 user1    group1       512 Jun  9 12:45 .
-rw-r--r--   1 user1    group1       220 Jun  9 12:45 id_rsa.pub
-bash-3.00$

On Second Machine:

6. Login with root user.

7. Add one group.


bash-3.00# groupadd -g 301 uhgiex

8. Create home directory for user.


bash-3.00# mkdir -p /usr/prms/ftp/switches/28

9. Add one user.


bash-3.00# useradd -u 100 -g uhgiex -d /usr/prms/ftp/switches/28 -m -s /bin/bash uhgiex

10. Change the user and group ownership of the user's home directory.

bash-3.00# cd /usr/prms/ftp/switches/
bash-3.00# ls -ltr
total 2
drwxr-xr-x   2 root     root         512 Jun  9 12:41 28
bash-3.00# chown -R uhgiex:uhgiex 28
bash-3.00# ls -ltr
total 2
drwxr-xr-x   2 uhgiex   uhgiex       512 Jun  9 12:41 28

On First Machine:

11. Login with user1.

12. Change present working directory to .ssh

-bash-3.00$ cd .ssh/
-bash-3.00$ ls -latr
total 8
drwxr-xr-x   3 user1    group1       512 Jun  9 12:45 ..
-rw-------   1 user1    group1       887 Jun  9 12:45 id_rsa
drwx------   2 user1    group1       512 Jun  9 12:45 .
-rw-r--r--   1 user1    group1       220 Jun  9 12:45 id_rsa.pub

13. Now transfer the id_rsa.pub file to the second machine using the ftp command. Enter the username and password of the uhgiex user, as we are implementing passwordless SSH, SCP & SFTP for the uhgiex user in this case.

-bash-3.00$ ftp 192.168.10.6
Connected to 192.168.10.6.
220 sun2 FTP server ready.
Name (192.168.10.6:user1): uhgiex
331 Password required for uhgiex.
Password:
230 User uhgiex logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp> bin
200 Type set to I.
ftp> hash
Hash mark printing on (8192 bytes/hash mark).
ftp> mput id_rsa.pub
mput id_rsa.pub? y
200 PORT command successful.
150 Opening BINARY mode data connection for id_rsa.pub.
#
226 Transfer complete.
local: id_rsa.pub remote: id_rsa.pub
220 bytes sent in 0.00072 seconds (299.97 Kbytes/s)
ftp> bye
221-You have transferred 220 bytes in 1 files.
221-Total traffic for this session was 723 bytes in 1 transfers.
221-Thank you for using the FTP service on sun2.
221 Goodbye.
-bash-3.00$

On Second Machine:

14. Login with uhgiex user.

15. Check id_rsa.pub file.

-bash-3.00$ pwd
/usr/prms/ftp/switches/28
-bash-3.00$ ls -ltr
total 2
-rw-r--r--   1 uhgiex   uhgiex       220 Jun  9 12:54 id_rsa.pub

16. Make a .ssh directory in the home directory of the user, i.e. /usr/prms/ftp/switches/28 in this case.

-bash-3.00$ pwd
/usr/prms/ftp/switches/28
-bash-3.00$ mkdir .ssh


17. Change present working directory to .ssh and check whether the authorized_keys file exists in the .ssh directory. If the file is not there, create it using the touch command.

-bash-3.00$ cd .ssh
-bash-3.00$ ls -ltr
total 0
-bash-3.00$ touch authorized_keys
-bash-3.00$ cd ..

18. Append the contents of id_rsa.pub file into authorized_keys file.

-bash-3.00$ cat id_rsa.pub >> .ssh/authorized_keys

Now, user1 of First Machine can do the SSH, SCP & SFTP to the uhgiex user of the Second Machine.

-bash-3.00$ ssh uhgiex@192.168.10.6
The authenticity of host '192.168.10.6 (192.168.10.6)' can't be established.
RSA key fingerprint is ce:ac:2d:7b:fb:a3:9c:b2:9d:b3:9f:dd:ae:51:5b:3d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.6' (RSA) to the list of known hosts.
Last login: Thu Jun 9 12:50:26 2011 from 192.168.10.2
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
-bash-3.00$ exit
logout
Connection to 192.168.10.6 closed.
-bash-3.00$ sftp uhgiex@192.168.10.6
Connecting to 192.168.10.6...
sftp> bye
-bash-3.00$
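
The following is an added example, not part of the original procedure: a POSIX shell function that performs steps 16 to 18 on the second machine in a repeatable way, with owner-only permissions on .ssh and authorized_keys, and that refuses a file which is not a single-line public key (for instance id_rsa transferred by mistake). The function name install_pubkey, its return codes and the list of accepted key types are assumptions of this example, and the key line in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original procedure): steps 16-18 as one function.
# install_pubkey PUBKEY_FILE HOME_DIR
#   returns 0 = key appended
#           1 = rejected (missing file, private key, multi-line or malformed)
#           2 = key already present, authorized_keys left unchanged
install_pubkey() {
    pub=$1
    home=$2
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    # A public key file is exactly one line: "<type> <base64> [comment]".
    # A PEM private key (-----BEGIN ...) fails both checks below.
    [ -f "$pub" ] || return 1
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        "$pub" || return 1

    # Create directory and file owner-only; chmod also repairs an existing
    # .ssh or authorized_keys that was created under a loose umask.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"

    # Compare on "<type> <base64>" only, so a different comment or an
    # options prefix on an existing line does not cause a duplicate entry.
    key=$(awk '{print $1 " " $2}' "$pub")
    if grep -Fq -- "$key" "$auth"; then
        return 2
    fi

    # printf guarantees a trailing newline even if the source file has none.
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLEblob user1@sun1' \
    > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home" && echo "key installed"
install_pubkey "$demo/id_rsa.pub" "$demo/home" || echo "second run: rc=$? (already present)"
ls -ld "$demo/home/.ssh" "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```

On the second machine in this procedure the call would be install_pubkey id_rsa.pub /usr/prms/ftp/switches/28, run as the uhgiex user.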
