lost and found ( for me ? )

CentOS6.4 ssh-agent : access to SSH servers without entering password

referred to http://www.atmarkit.co.jp/flinux/rensai/linuxtips/447nonpassh.html

Both SSH server and SSH client are CentOS6.4.
I have already installed openssh on both boxes.
The SSH server allows access from remote boxes as the root user.

on the SSH server, create keys
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:

here are keys
# pwd

# ls id*
id_rsa  id_rsa.pub

id_rsa: private key
id_rsa.pub: public key

on the SSH server, make authorized_keys by using id_rsa.pub key.
# cat id_rsa.pub >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys

copy id_rsa key to SSH client from SSH server.

confirm the key is the same on both boxes.

on the SSH server
# md5sum id_rsa
a79523e3e7cdbe1fbfc822d26f80b427  id_rsa

on the SSH client
# md5sum id_rsa
a79523e3e7cdbe1fbfc822d26f80b427  id_rsa

on the SSH client, start ssh-agent
# ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-muDsy12684/agent.12684; export SSH_AUTH_SOCK;
echo Agent pid 12685;

on the client, add id_rsa key.
# ssh-add id_rsa
Could not open a connection to your authentication agent.

Googling this error, the solution seems to be:

stop ssh-agent daemon
# ps aux | grep ssh-agent | grep -v grep
root     12685  0.0  0.0  57360   708 ?        Ss   16:23   0:00 ssh-agent
# kill 12685

start ssh-agent again.
Okay, I was able to add id_rsa
# eval `ssh-agent -s`
Agent pid 12709

# ssh-add id_rsa
Enter passphrase for id_rsa:
Identity added: id_rsa (id_rsa)

# ssh-add -l
2048 xx:xx:xx id_rsa (RSA)
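
Why the first ssh-add failed, as an added example that is not part of the original post: plain ssh-agent only prints the shell statements that set SSH_AUTH_SOCK, and eval is what applies them to the current shell. The SSH_AGENT_PID line in the sample is constructed, and ensure_agent is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample of what `ssh-agent -s` writes to stdout. The socket path
# and PID reuse the values shown in the post; the SSH_AGENT_PID line is added.
sample_agent_output() {
    cat <<'EOF'
SSH_AUTH_SOCK=/tmp/ssh-muDsy12684/agent.12684; export SSH_AUTH_SOCK;
SSH_AGENT_PID=12685; export SSH_AGENT_PID;
echo Agent pid 12685;
EOF
}

# Plain `ssh-agent`: the statements are only printed, never executed, so the
# calling shell has no SSH_AUTH_SOCK and ssh-add cannot find the agent.
sock_without_eval() (
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    sample_agent_output >/dev/null
    printf '%s' "${SSH_AUTH_SOCK:-}"
)

# eval `ssh-agent -s`: the printed statements run in the calling shell.
sock_with_eval() (
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    eval "$(sample_agent_output)" >/dev/null
    printf '%s' "${SSH_AUTH_SOCK:-}"
)

# Hypothetical helper for real use: start an agent only when none answers,
# and kill it when the shell exits so no stray agent keeps keys loaded.
ensure_agent() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    # ssh-add exits 0 (keys listed) or 1 (no keys) when an agent answered,
    # and 2 when it could not contact one.
    case "$rc" in
        0|1) return 0 ;;
    esac
    eval "$(ssh-agent -s)" >/dev/null
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
}

echo "without eval: SSH_AUTH_SOCK='$(sock_without_eval)'"
echo "with eval:    SSH_AUTH_SOCK='$(sock_with_eval)'"
```
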

access the server.
required to enter a password..
# ssh root@ 'whoami'
root@'s password:

Oops, I need to use hostname instead of IP
# ssh root@sshserver 'whoami'
