SSH2 key-based authentication setup
I have previously explained how to perform SSH and SCP on openSSH without entering a password. In this article, I will explain how to set up key-based authentication on SSH2 and perform SSH/SCP without entering a password using the following 10 steps.
1. Verify that both the local host and the remote host are running SSH2.
Note that ssh and scp are symbolic links to ssh2 and scp2 respectively, as shown below.
[jiyik.com@local-host]$ ls -l /usr/local/bin/ssh /usr/local/bin/scp
lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/scp -> scp2
lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2
[jiyik.com@local-host]$ ssh -V
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu
[jiyik.com@remote-host]$ ls -l /usr/local/bin/ssh /usr/local/bin/scp
lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/scp -> scp2
lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2
[jiyik.com@remote-host]$ ssh -V
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu
2. Use ssh-keygen2 to generate a key pair on the local host.
Typically, ssh-keygen is a soft link to ssh-keygen2, as shown below.
[jiyik.com@local-host]$ ls -l /usr/local/bin/ssh-keygen
lrwxrwxrwx 1 root root 11 Mar 10 22:04 /usr/local/bin/ssh-keygen -> ssh-keygen2
[jiyik.com@local-host]$ ssh-keygen
Generating 2048-bit dsa key pair
2 oOo.oOo.oOo.
Key generated.
2048-bit dsa, jsmith@local-host, Sat Jun 21 2022 23:10:20 -0700
Passphrase :<Enter the passphrase>
Again :
Private key saved to /home/jiyik/.ssh2/id_dsa_2048_b
Public key saved to /home/jiyik/.ssh2/id_dsa_2048_b.pub
The public and private keys are stored in the .ssh2 folder under your home directory. In this case, it is located under /home/jiyik/.ssh2. We should not share the private key with anyone.
By default, ssh-keygen2 generates a DSA key pair. We can also use the command ssh-keygen -t rsa to generate an RSA key pair.
3. Give appropriate permissions to the .ssh2 directory
As shown below
[jiyik.com@local-host]$ chmod 755 ~/.ssh2/
[jiyik.com@local-host]$ chmod 644 ~/.ssh2/id_dsa_2048_b.pub
[jiyik.com@local-host]$ chmod 644 ~/.ssh2/authorization
4. Identify the private key on the client machine.
On the local host, add the private key to the SSH2 identity file as shown below. If the identity file does not exist, create a new file. If the file exists, append the private key file name generated in the above steps to the identity file in the format of "IdKey {private-key file-name}" as shown below.
[jiyik.com@local-host]$ cat /home/jiyik/.ssh2/identification
IdKey id_dsa_2048_a
IdKey id_dsa_2048_b
5. Copy the public key to the remote host.
Copy the /home/jiyik/.ssh2/id_dsa_2048_b.pub file from the local host to /home/jiyik/.ssh2/id_dsa_2048_b.pub on the remote host. We can execute vi /home/jiyik/.ssh2/id_dsa_2048_b.pub on the remote host and copy the contents of the public key from the local host.
[jiyik.com@remote-host]$ cat /home/jiyik/.ssh2/id_dsa_2048_b.pub
---- BEGIN SSH2 PUBLIC KEY ----
Subject: jsmith
Comment: "2048-bit dsa, jiyik@local-host, Sat Jun 21 2022 23:10:\
20 -0700"
---- END SSH2 PUBLIC KEY ----
6. Create an authorization file on the remote host
As shown below. This authorization file should contain the name of the public key that you copied from the local host to the remote host as described in the previous step. Note that the format of this file is "Key {public-key file-name}".
[jiyik.com@remote-host]$ cat /home/jiyik/.ssh2/authorization
Key id_dsa_2048_b.pub
7. Log in to remote-host from local-host to verify that SSH2 key authentication works.
[jiyik.com@local-host]$ ssh -l jiyik remote-host <You are on local-host here>
Passphrase for key "/home/jiyik/.ssh2/id_dsa_2048_b" with comment "2048-bit dsa, jiyik@local-host, Sat Jun 21 2022 23:10:20 -0700": <Enter your passphrase here>
Last login: Sat Jun 21 2022 23:13:00 -0700 from 192.168.1.102
No mail.
[jiyik.com@remote-host]$ <You are on remote-host here>
There are two ways to execute ssh and scp without entering a password:
- No passphrase. When creating the key pair, leave the passphrase blank. Use this option for automated batch processing. For example, if we are running a cron job to copy files between machines, this is a suitable choice. With this option, we can skip the remaining steps.
- Using a passphrase and SSH agent. If we use ssh and scp interactively from the command line and we don't want to enter a passphrase every time we do ssh or scp, I don't recommend the previous option (no passphrase) because it eliminates a level of security in ssh key-based authentication. Instead, use a passphrase when creating the key pair and use an SSH agent to perform ssh and scp without having to enter the passphrase every time, as described in the steps below.
8. Start the SSH agent on the local host to perform ssh and scp without entering the passphrase multiple times.
[jiyik.com@local-host]$ ssh-agent $SHELL
9. Load the private key into the SSH agent on the local host.
[jiyik.com@local-host]$ ssh-add
Adding identity: /home/jiyik/.ssh2/id_dsa_2048_b.pub
Need passphrase for /home/jiyik/.ssh2/id_dsa_2048_b (2048-bit dsa, jiyik@local-host, Sat Jun 22 2022 23:10:20 -0700).
Enter passphrase: <Enter your passphrase here>
10. Perform SSH or SCP from the local host to the remote host without entering a password.
[jiyik.com@local-host]$<You are on local-host here>
[jiyik.com@local-host]$ ssh -l jiyik remote-host
Last login: Sat Jun 07 2022 23:03:04 -0700 from 192.168.1.102
No mail.
<ssh did not ask for passphrase this time>
[jiyik.com@remote-host]$ <You are on remote-host here>
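The files created in steps 2 to 6 can be checked before relying on the login. The script below is an added example, not part of the original article or of SSH Secure Shell: it reads the "IdKey" and "Key" lines described in steps 4 and 6, confirms that every referenced key file exists, and reports a private key that anyone other than its owner can access, or a directory or authorization file that group or others can write to. The function names and finding labels are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: audit an SSH2 key directory laid out as in steps 2-6.
# Function names and finding labels are hypothetical, chosen for this sketch.

# Print the group/other permission characters of a path, e.g. "r--r--".
go_bits() { ls -ld -- "$1" | cut -c5-10; }

# Succeed when group or others have write permission on the path.
loosely_writable() {
    case "$(go_bits "$1")" in
        ?w????|????w?) return 0 ;;
    esac
    return 1
}

# Print one finding per line; print nothing when the directory is clean.
audit_ssh2_dir() {
    dir=$1
    if loosely_writable "$dir"; then echo "DIR_WRITABLE $dir"; fi

    # identification holds "IdKey <private-key file name>" lines (step 4).
    if [ -f "$dir/identification" ]; then
        while read -r kw name rest || [ -n "$kw" ]; do
            [ "$kw" = "IdKey" ] || continue
            if [ ! -f "$dir/$name" ]; then
                echo "IDKEY_MISSING $name"
            elif [ "$(go_bits "$dir/$name")" != "------" ]; then
                # The private key must be accessible to its owner only.
                echo "PRIVKEY_EXPOSED $name"
            fi
        done < "$dir/identification"
    fi

    # authorization holds "Key <public-key file name>" lines (step 6).
    if [ -f "$dir/authorization" ]; then
        if loosely_writable "$dir/authorization"; then
            echo "AUTHZ_WRITABLE authorization"
        fi
        while read -r kw name rest || [ -n "$kw" ]; do
            [ "$kw" = "Key" ] || continue
            [ -f "$dir/$name" ] || echo "PUBKEY_MISSING $name"
        done < "$dir/authorization"
    fi
    return 0
}

# Stand-alone use: sh audit.sh ~/.ssh2
if [ "$#" -gt 0 ]; then audit_ssh2_dir "$1"; fi
```

The permissions set in step 3 (755 on the directory, 644 on the public key and authorization file) pass this audit; a private key left at 644 does not.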