Keyless Login

    On server2:

    We allow temporarily the root-login into server2 with a password. Open /etc/sshd_config:

    vi /etc/ssh/sshd_config

    and change

    PermitRootLogin without-password

    to

    PermitRootLogin yes

    afterwards, restart the ssh-daemon:

    service ssh restart

    On server1:

    Create a private/public key pair:

    ssh-keygen

    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): <-- ENTER
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase): <-- ENTER
    Enter same passphrase again: <-- ENTER
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    f3:d0:62:a7:24:6f:f0:1e:d1:64:a9:9f:12:6c:98:5a root@server1<br

    It is important that you do not enter a passphrase otherwise the mirroring will not work without human interaction so simply hit ENTER!

    Next, we copy our public key to server2.example.tld:

    ssh-copy-id -i /root/.ssh/id_rsa.pub Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!

    The authenticity of host '192.168.0.106 (192.168.0.106)' can't be established.
    ECDSA key fingerprint is 25:d8:7a:ee:c2:4b:1d:92:a7:3d:16:26:95:56:62:4e.
    Are you sure you want to continue connecting (yes/no)? <-- yes (you will see this only if this is the first time you connect to server2) 
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

    Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!'s password: <- enter root password from server2

    Now try logging into the machine:

    ssh Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!

    And check /root/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.

    cat /root/.ssh/authorized_keys

    ssh-dss AAAAB3NzaC1kc3MAAACBAPhiAexgEBexnw0rFG8lXwAuIsca/V+lhmv5lhF3BqUfAbL7e2sWlQlGhxZ8I2UnzZK8Ypffq6Ks+lp46yOs7MMXLqb7JBP9gkgqxyEWqOoUSt5hTE9ghupcCvE7rRMhefY5shLUnRkVH6hnCWe6yXSnH+Z8lHbcfp864GHkLDK1AAAAFQDddQckbfRG4C6LOQXTzRBpIiXzoQAAAIEAleevPHwi+a3fTDM2+Vm6EVqR5DkSLwDM7KVVNtFSkAY4GVCfhLFREsfuMkcBD9Bv2DrKF2Ay3OOh39269Z1rgYVk+/MFC6sYgB6apirMlHj3l4RR1g09LaM1OpRz7pc/GqIGsDt74D1ES2j0zrq5kslnX8wEWSHapPR0tziin6UAAACBAJHxgr+GKxAdWpxV5MkF+FTaKcxA2tWHJegjGFrYGU8BpzZ4VDFMiObuzBjZ+LrUs57BiwTGB/MQl9FKQEyEV4J+AgZCBxvg6n57YlVn6OEA0ukeJa29aFOcc0inEFfNhw2jAXt5LRyvuHD/C2gG78lwb6CxV02Z3sbTBdc43J6y Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!

    Disallow root-login with a password. Open /etc/sshd_config:

    vi /etc/ssh/sshd_config

    and change

    PermitRootLogin yes

    to

    PermitRootLogin without-password

    afterwards, restart the ssh-daemon:

    service ssh restart

    Logout from server2:

    exit

    logout
    Connection to 192.168.0.106 closed.

    We are now back on server1.

    Source: http://howtoforge.com

    Veröffentlicht