Log on to a server without a password, securely

October 23rd, 2009 by admin

If you configure many GNU/Linux servers on a daily basis, you will most probably consider implementing some kind of mechanism that allows you to log in as the root user without typing your root password all the time. The procedure is quite simple:

1. The first thing you need to do is generate new keys using the ssh-keygen command (in my case I am using the root user):

root@host:~# cd .ssh/
root@host:~/.ssh# ls
known_hosts
root@host:~/.ssh# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
4c:p0:fa:0z:14:22:1a:f3:af:be:5d:a7:8a:5x:s6:78 root@host
The key's randomart image is:
+--[ RSA 2048]----+
root@host:~/.ssh#

2. Once we are done generating the new keys, we need to copy the id_rsa.pub key to the server that we want to log in to without a password, using the scp command:

root@host:~/.ssh# ls
id_rsa  id_rsa.pub  known_hosts
root@host:~/.ssh# scp  id_rsa.pub serveripaddress:id_rsa.pub
The authenticity of host '[server]' can't be established.
RSA key fingerprint is be:0e:a1:22:dd:66:fg:52:ed:qw:2s:uk:57:d9:7f:99.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[server]' (RSA) to the list of known hosts.
root@server's password:
id_rsa.pub                                    100%  399     0.4KB/s   00:00

3. Once the id_rsa.pub file is on the server, we need to perform a few small configuration steps on the server to get this working. Specifically, we need to append our public key to the file authorized_keys2 in the following way:

root@host:~/.ssh# ssh root@server
root@server's password:

server:~# ls
id_rsa.pub
server:/home# cd /root/.ssh/
server:~/.ssh# touch authorized_keys2
server:~/.ssh# chmod 600 authorized_keys2

server:~/.ssh# cat /root/id_rsa.pub >> /root/.ssh/authorized_keys2
server:~/.ssh# exit
logout
Connection to server closed.

Please note that we created the authorized_keys2 file with permissions 600 before appending the public key to it, so that the file is never readable or writable by other users.

4. The last step is to test this. From the root account on your host, try to log on to the server as root, using just the server's IP address or host name, without a password:

root@host:~$ ssh root@server
server:~#

We should now be able to log on to the server securely over ssh without using a password.
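Step 3 as a reusable shell function, added here as an example and not part of the original post: it rejects anything that is not a single public-key line, sets the 700/600 permissions, and appends the key only if it is not already listed, so running it twice does not duplicate the entry. The names install_pubkey and demo are hypothetical, and the key in demo is constructed; on the server from the steps above the call would be install_pubkey /root/id_rsa.pub /root/.ssh.

```shell
#!/bin/sh
# Added example: idempotent, validated version of step 3.
# install_pubkey PUBKEY_FILE SSH_DIR  (function name is hypothetical)
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys2"    # file name used in this post

    # Accept exactly one OpenSSH public-key line; a private key copied
    # by mistake is multi-line and is rejected here.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 2; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line: $pub" >&2; return 2; }
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" \
        || { echo "not an OpenSSH public key: $pub" >&2; return 2; }

    # Create the directory and file private from the start, then pin the modes.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" || return 1
    chmod 600 "$auth" || return 1

    # -F fixed string, -x whole line: do nothing if the key is already listed.
    key=$(cat "$pub")
    if grep -Fxq -- "$key" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed data in a scratch directory (not a real key).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@host\n' > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh" &&
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh" &&   # second run must not duplicate
    grep -c '' "$tmp/.ssh/authorized_keys2"           # prints the number of entries
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```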


OpenCoffee Sarajevo

October 9th, 2009 by admin

A few days ago, I found out that an OpenCoffee meeting would take place in Sarajevo. Actually, this is the 4th OpenCoffee meeting so far, so I asked myself how I missed the previous meetings. Since I like these kinds of ideas and meetings, I visited this one, and it was a really nice experience. It was a good opportunity to meet those people from Twitter, or some other social community sites that I have visited for years. We talked about different activities that we are working on, which range from Web2.0 to system administration, development or networking. I hope that I will have a chance to visit the next meeting.

  1. Opencoffee meeting official invite at lab.ba (in Bosnian language)
  2. Photo gallery on Flickr
