SSH Key-Pair
----
SSH Key-Pair Authentication
[1]
Configure the SSH server to allow login with key-pair authentication.
To do this, create a private key for the client and a public key for the server.
Each user creates their own key pair, so log in to the SSH server host as a regular user and work as follows.
SSH Passwordless Login in Linux
Setup Environment
SSH Client : 192.168.0.12 ( Fedora 34 )
SSH Remote Host : 192.168.0.11 ( CentOS 8 )
Set up SSH password-less automatic login from server 192.168.0.12 as user tecmint to 192.168.0.11 as user sheena.
First log in to server 192.168.0.12 as user tecmint and generate a key pair using the following command.
Step 1: Create Authentication SSH-Keygen Keys on – (192.168.0.12)
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key]
Created directory '/home/tecmint/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/tecmint/.ssh/id_rsa.
Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub.
The key fingerprint is:
5f:ad:40:00:8a:d1:9b:99:b3:b0:f8:08:99:c3:ed:d3 tecmint@tecmint.com
The key's randomart image is:
+--[ RSA 2048]----+
| ..oooE.++|
| o. o.o |
| .. . |
| o . . o|
| S . . + |
| . . . o|
| . o o ..|
| + + |
| +. |
+-----------------+
Step 2: Upload SSH Key to – 192.168.0.11
Use SSH from server 192.168.0.12 to upload the newly generated public key (id_rsa.pub) to server 192.168.0.11, into sheena's .ssh directory as the file authorized_keys.
# ssh-copy-id sheena@192.168.0.11
Step 3: Test SSH Passwordless Login from 192.168.0.12
From now onwards you can log into 192.168.0.11 as sheena user from server 192.168.0.12 as a tecmint user without a password.
# ssh sheena@192.168.0.11
------------------X----------------------
SSH Login Without Password on CentOS and RHEL.
These steps were tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.
Node1 : 192.168.0.9 -> Local Server
Node2 : 192.168.0.10 -> Remote Server
Step One : Test the connection and access from node1 to node2 :
[root@node1 ~]# ssh root@192.168.0.10
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
root@192.168.0.10's password:
Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1
[root@node2 ~]#
Step Two : Generate public and private keys using ssh-keygen. Note that you can increase security by protecting the private key with a passphrase.
[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d root@node1.ehowstuff.local
The key's randomart image is:
+--[ RSA 2048]----+
| . ++ |
| o o o |
| o o o . |
| . o + .. |
| S . . |
| . .. .|
| o E oo.o |
| = ooo. |
| . o.o. |
+-----------------+
Step Three : Copy or transfer the public key to the remote host using the ssh-copy-id command. It will append the indicated identity file to ~/.ssh/authorized_keys on node2 :
[root@node1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10
root@192.168.0.10's password:
Now try logging into the machine, with "ssh '192.168.0.10'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Step Four : Try SSH login without Password to node2 :
[root@node1 ~]# ssh root@192.168.0.10
Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local
I hope this article gives you some ideas and a quick guide on how to set up SSH login without a password on Linux CentOS / RHEL.
------------------------------------------------
# ssh root@192.168.0.1 -p 2244
# scp -r root@192.168.123.33:/root/Music/* /root/zz/
# scp -P 2322 file.txt remote_username@10.10.0.2:/remote/directory
Remote server IP to own server
scp -r root@203.169.11.254:/home/u1/Maildir/new/* /home/u1/Maildir/new/
Remote server IP to own server
scp -r root@worldcm.net:/home/kamal/Maildir/cur/* /home/u1/Maildir/cur/   # inbox mail [mail shows running time]
chown -R u1:u1 /home/u1/Maildir/cur/   # [own server]
# cd /home   [if copying a mailbox]
chown -R mamun:mamun mamun
/home/mamun/Maildir/cur [mail inbox]
/home/mamun/Maildir/.Sent/cur [sent mail]
-------------Rsync ---------------
# yum -y install rsync*
Copying the SSH-Key to the Remote Host
# ssh-copy-id -i /root/.ssh/id_rsa.pub root@mail.abcd.com [ copy file to remote server]
# ssh-copy-id -i /root/.ssh/authorized_keys root@mail.abcd.com
Port: 2526
ssh-copy-id -i /root/.ssh/id_rsa.pub '-p 2526 root@192.168.117.2'
ssh-copy-id -i /root/.ssh/authorized_keys '-p 2526 root@192.168.117.2'
Verifying the Login Without Password
# ssh root@mail.abcd.com [no need passwd]
Simple File Transfer Examples
# rsync /home/simple.txt root@x.x.x.x:/home
# rsync root@x.x.x.x:/home/pullme.txt /home
Directory File Transfer
# rsync -rt /home/transfer_me root@x.x.x.x:/home
Copy/Sync a Directory on Local Computer
# rsync -avzh /root/rpmpkgs /tmp/backups/
Copy a Directory from Local Server to a Remote Server
# rsync -avzh /root/rpmpkgs root@192.168.0.141:/root/
Copy/Sync a Remote Directory to a Local Machine
# rsync -avzh root@192.168.0.141:/root/rpmpkgs /tmp/myrpms
Copy a File from a Remote Server to a Local Server with SSH
# rsync -avzhe ssh root@192.168.0.141:/root/anaconda-ks.cfg /tmp
Use of --include and --exclude Options
# rsync -avze ssh --include 'R*' --exclude '*' root@192.168.0.141:/var/lib/rpm/ /root/rpm
rsync -avzhe ssh root@103.182.196.55:/home/accesstel/Maildir/cur/*.* /home/accesstel/Maildir/cur
rsync -avzhe ssh root@103.182.196.55:/home/accesstel/Maildir/.Sent/cur/*.*
----------------------------
rsync -avzhe 'ssh -p 7575' root@192.168.117.2:/home/ithelpdesk/Maildir/cur/*.* /home/ithelpdesk/Maildir/cur
rsync -avzhe 'ssh -p 7575' root@192.168.117.2:/home/ithelpdesk/Maildir/.Sent/cur/*.* /home/ithelpdesk/Maildir/.Sent/cur
/home/accesstel/Maildir/.Sent/cur
# rsync -v -e 'ssh -p1070' root@10.10.10.2:/home/test.txt /home
# rsync -v -e 'ssh -p2222' /home/test.txt root@10.10.10.2:/home
----- Copy From remote Server to Client--------------------
rsync -arvz -e "ssh -p 7575" root@192.168.123.33:/root/Music/* /root/zz/
rsync -arvzhe "ssh -p 7575" root@192.168.123.33:/root/Music/* /root/zz/
rsync -avz -e 'ssh -p 1234' user@your-remote-server.com:/home/user/dir/
Transfer files from a remote server to local:
# rsync -avz your-user@your-remote-server.com:/home/user/dir/ /home/user/local-dir/
Non-standard SSH port:
# rsync -avz -e 'ssh -p 2510' your-user@your-remote-server.com:/home/user/dir/ /home/user/local-dir/
If SSH listens on a port other than 22, use the '-e' option to set the SSH port as follows.
# rsync -arvz -e "ssh -p 522" /home/centos/sample-dir remote-user@IP-address:/path/to/directory/
Use the '-i' option to set the identity file used to authenticate with remote servers as follows.
# rsync -arvz -e "ssh -p 522 -i /home/centos/identity.pem" /home/centos/sample-dir remote-user@IP-address:/path/to/directory/
Automatically Delete Source Files After Successful Transfer
# rsync --remove-source-files -zvh backup.tar.gz root@192.168.0.151:/tmp/backups/
-------------------
scp -r root@192.168.123.33:/root/Music/* /root/zz/
Step 4: Connect to SSH server on port # 2022 using SSH command:
ssh -p PortNumberHere user@server-name-here
ssh -p PortNumberHere user@server-name-here commandNameHere
ssh -p 2022 XYZ@192.168.1.5
ssh -p 2022 XYZ@192.168.1.5 df
To connect to an SSH server on port # 2022 using scp command type:
scp -P PortNumberHere source user@server-name-here:/path/to/dest
scp -P 2022 resume.pdf XYZ@nas01:/backups/personal/XYZ/files/
To connect to an SSH server on port # 2022 using sftp command type:
sftp -P PortNumberHere user@server-name-here
sftp -P 2022 XYZ@192.168.1.5
To connect to SSH server on port # 2022 using rsync command type:
Change SSH port number with rsync command:
rsync -av -e 'ssh -p PORT-NUMBER-HERE' source user@server-name
So, to backup /home/XYZ to server1.XYZ.net.in at port number 2022, enter:
rsync -av -e 'ssh -p 2022' /home/XYZ/ backupop@server1.XYZ.net.i
# create key-pair
[cent@dlp ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/cent/.ssh/id_rsa): # press Enter, or input a different path if you want
Created directory '/home/cent/.ssh'.
Enter passphrase (empty for no passphrase): # set passphrase (for no passphrase, press Enter with it empty)
Enter same passphrase again:
Your identification has been saved in /home/cent/.ssh/id_rsa.
Your public key has been saved in /home/cent/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+EGzR05q/tnbBNmyaPOfsipDYz9ZAD6OrH4VmzfssPY cent@dlp.srv.world
The key's randomart image is:
.....
.....
[cent@dlp ~]$ ll ~/.ssh
total 8
-rw-------. 1 cent cent 1876 Sep 29 20:34 id_rsa
-rw-r--r--. 1 cent cent 400 Sep 29 20:34 id_rsa.pub
[cent@dlp ~]$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
[2]
Transfer the private key created on the server to a client; it is then possible to log in with key-pair authentication.
[cent@node01 ~]$ mkdir ~/.ssh
[cent@node01 ~]$ chmod 700 ~/.ssh
# transfer the private key to the local ssh directory
[cent@node01 ~]$ scp cent@dlp.srv.world:/home/cent/.ssh/id_rsa ~/.ssh/
cent@dlp.srv.world's password:
id_rsa 100% 1876 193.2KB/s 00:00
[cent@node01 ~]$ ssh cent@dlp.srv.world
Enter passphrase for key '/home/cent/.ssh/id_rsa': # passphrase if you set one
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sun Sep 29 20:33:58 2019
[cent@dlp ~]$ # logged in
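An added example, not part of the original page: the chmod 700 step and the -rw------- mode in the listing above matter because OpenSSH enforces them (sshd with StrictModes rejects keys when ~/.ssh or authorized_keys is writable by group or others, and the ssh client ignores a private key that group or others can access). The function names and finding labels below are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit the permissions OpenSSH cares about in an .ssh directory.
# Usage after loading the functions: audit_ssh_dir "$HOME/.ssh"

# True when PATH has at least one of the given permission bits set.
# Uses only POSIX find, so it works without GNU stat.
has_bits() {  # usage: has_bits PATH BIT...
    p=$1; shift
    for b in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$b" 2>/dev/null)" ] && return 0
    done
    return 1
}

# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_ssh_dir() {  # usage: audit_ssh_dir DIR
    d=$1; bad=0
    # Server side: the directory and authorized_keys must not be
    # writable by group (020) or others (002).
    for f in "$d" "$d/authorized_keys"; do
        [ -e "$f" ] || continue
        if has_bits "$f" 020 002; then
            echo "WRITABLE_BY_OTHERS $f"; bad=1
        fi
    done
    # Client side: a private key must carry no group/other bits at all.
    for f in "$d"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public halves may be readable
        if has_bits "$f" 040 020 010 004 002 001; then
            echo "KEY_TOO_OPEN $f"; bad=1
        fi
    done
    return "$bad"
}
```

A clean result for the layout shown above is mode 700 on ~/.ssh, 600 on id_rsa and 644 (or tighter) on authorized_keys.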
[3]
Setting [PasswordAuthentication no] is more secure, because the server then stops accepting password logins.
[root@dlp ~]# vi /etc/ssh/sshd_config
# line 73: change to [no]
PasswordAuthentication no
[root@dlp ~]# systemctl restart sshd
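An added example, not part of the original page, for checking that the change took effect: sshd uses the first value it reads for each keyword, so an earlier uncommented "PasswordAuthentication yes" overrides a later "no". The function names and the sample config are constructed for illustration; on a live host, `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example: report the value sshd would use for a global keyword.
# Limits (assumptions): Include files are not followed and everything
# from the first Match block onward is ignored.
sshd_effective() {  # usage: sshd_effective CONFIG_FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# True only when the first effective PasswordAuthentication value is "no".
password_login_disabled() {  # usage: password_login_disabled CONFIG_FILE
    [ "$(sshd_effective "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample (not from the page): the edit to "no" was made on a
# later line while an earlier uncommented "yes" is still present.
write_sample_config() {  # usage: write_sample_config OUTPUT_FILE
    cat > "$1" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}
```

For the sample file, sshd_effective reports yes for PasswordAuthentication, so password logins would still be accepted after the restart.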