Reference: http://www.atmarkit.co.jp/flinux/rensai/linuxtips/447nonpassh.html
Both the SSH server and the SSH client run CentOS 6.4.
I have already installed OpenSSH on both boxes.
The SSH server allows root logins from remote boxes.
On the SSH server, create the keys.
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
Here are the keys:
# pwd
/root/.ssh
# ls id*
id_rsa id_rsa.pub
id_rsa: private key
id_rsa.pub: public key
On the SSH server, create authorized_keys from the id_rsa.pub key.
# cat id_rsa.pub >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys
Copy the id_rsa key from the SSH server to the SSH client.
Confirm the key is the same on both boxes.
On the SSH server:
# md5sum id_rsa
a79523e3e7cdbe1fbfc822d26f80b427 id_rsa
On the SSH client:
# md5sum id_rsa
a79523e3e7cdbe1fbfc822d26f80b427 id_rsa
On the SSH client, start ssh-agent.
# ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-muDsy12684/agent.12684; export SSH_AUTH_SOCK;
SSH_AGENT_PID=12685; export SSH_AGENT_PID;
echo Agent pid 12685;
On the client, add the id_rsa key.
Error...
# ssh-add id_rsa
Could not open a connection to your authentication agent.
Googling this error, the solution seems to be:
Stop the ssh-agent daemon.
# ps aux | grep ssh-agent | grep -v grep
root 12685 0.0 0.0 57360 708 ? Ss 16:23 0:00 ssh-agent
# kill 12685
Start ssh-agent again.
Okay, I was able to add id_rsa.
# eval `ssh-agent -s`
Agent pid 12709
# ssh-add id_rsa
Enter passphrase for id_rsa:
Identity added: id_rsa (id_rsa)
# ssh-add -l
2048 xx:xx:xx id_rsa (RSA)
Access the server.
I was required to enter the password...
# ssh root@192.168.10.211 'whoami'
root@192.168.10.211's password:
root
Oops, I need to use the hostname instead of the IP.
# ssh root@sshserver 'whoami'
root
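A preflight check for the setup above, as an added example that is not part of the original post: it verifies the file permissions that sshd and ssh insist on, that id_rsa.pub is listed in authorized_keys, and that the current shell can reach ssh-agent. The function names are hypothetical, and the .ssh directory is passed in as an argument.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the default key name id_rsa follows the page.

# Print the nine permission characters of a path, e.g. "rw-------".
perm_bits() { ls -ld "$1" 2>/dev/null | cut -c2-10; }

# True if group or others may write to the path; with StrictModes (the
# default) sshd then ignores authorized_keys and falls back to a password.
group_or_other_writable() {
    case "$(perm_bits "$1")" in
        ????w????|???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# True only if SSH_AUTH_SOCK names a socket. A bare "ssh-agent" prints the
# variable but does not set it; eval `ssh-agent -s` does.
agent_reachable() { [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]; }

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# audit_key_login SSH_DIR [KEY_NAME]: prints one line per problem and
# returns the number of problems found (0 means the layout looks sane).
audit_key_login() {
    dir=$1; key=${2:-id_rsa}; problems=0
    group_or_other_writable "$dir" && fail "$dir is group/other writable"
    if [ -f "$dir/authorized_keys" ]; then
        group_or_other_writable "$dir/authorized_keys" &&
            fail "authorized_keys is group/other writable"
    else
        fail "authorized_keys is missing"
    fi
    # ssh and ssh-add refuse a private key that group or others can access.
    if [ -f "$dir/$key" ]; then
        case "$(perm_bits "$dir/$key")" in
            ???------) ;;
            *) fail "$key is accessible to group/other" ;;
        esac
    fi
    # The base64 blob (field 2 of the .pub file) must appear in authorized_keys.
    if [ -f "$dir/$key.pub" ] && [ -f "$dir/authorized_keys" ]; then
        blob=$(awk '{print $2; exit}' "$dir/$key.pub")
        grep -qF -- "$blob" "$dir/authorized_keys" ||
            fail "$key.pub is not listed in authorized_keys"
    fi
    return "$problems"
}
```

Run audit_key_login /root/.ssh on the server, and on the client point it at the directory holding the copied id_rsa; agent_reachable tells you whether ssh-add will find the agent from the current shell.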