SSH Key-Pair

----

SSH Key-Pair Authentication

 

[1]

Configure the SSH server to allow login with key-pair authentication.

This requires a private key for the client and a public key for the server.

Each user creates their own key pair, so log in as a common user on the SSH server host and work as follows.

SSH Passwordless Login in Linux

Setup Environment

SSH Client : 192.168.0.12 ( Fedora 34 )

SSH Remote Host : 192.168.0.11 ( CentOS 8 )

Set up SSH password-less automatic login from server 192.168.0.12 as user tecmint to 192.168.0.11 as user sheena.

First log in to server 192.168.0.12 as user tecmint and generate a public/private key pair using the following command.

Step 1:  Create Authentication SSH-Keygen Keys on – (192.168.0.12)

#  ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key]
Created directory '/home/tecmint/.ssh'.
Enter passphrase (empty for no passphrase):      [Press enter key]
Enter same passphrase again:                    [Press enter key]
Your identification has been saved in /home/tecmint/.ssh/id_rsa.
Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub.
The key fingerprint is:
5f:ad:40:00:8a:d1:9b:99:b3:b0:f8:08:99:c3:ed:d3 tecmint@tecmint.com
The key's randomart image is:
+--[ RSA 2048]----+
|        ..oooE.++|
|         o. o.o  |
|          ..   . |
|         o  . . o|
|        S .  . + |
|       . .    . o|
|      . o o    ..|
|       + +       |
|        +.       |
+-----------------+

Step 2:    Upload SSH Key to – 192.168.0.11

From server 192.168.0.12, use SSH to upload the newly generated public key (id_rsa.pub) to server 192.168.0.11, into sheena's .ssh directory under the file name authorized_keys.

#  ssh-copy-id sheena@192.168.0.11

Step 3:    Test SSH Passwordless Login from 192.168.0.12

From now on you can log into 192.168.0.11 as user sheena from server 192.168.0.12 as user tecmint without a password.

# ssh sheena@192.168.0.11


 ------------------X----------------------

SSH Login Without Password on CentOS and RHEL.


These steps were tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.

Node1 : 192.168.0.9      -> Local Server

Node2 : 192.168.0.10     -> Remote Server

Step One : Test the connection and access from node1 to node2 :

[root@node1 ~]#      ssh root@192.168.0.10

The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.

RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.

root@192.168.0.10's password:

Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1

[root@node2 ~]#


Step Two : Generate public and private keys using ssh-keygen. Note that you can increase security by protecting the private key with a passphrase.

[root@node1 ~]#  ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d root@node1.ehowstuff.local
The key's randomart image is:
+--[ RSA 2048]----+
|          . ++   |
|         o o  o  |
|        o o o  . |
|       . o + ..  |
|        S   .  . |
|         .   .. .|
|        o E oo.o |
|         = ooo.  |
|        . o.o.   |
+-----------------+

Step Three :  Copy or transfer the public key to remote-host using ssh-copy-id command. It will append the indicated identity file to ~/.ssh/authorized_keys on node2 :

[root@node1 ~]#      ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10

root@192.168.0.10's password:

Now try logging into the machine, with "ssh '192.168.0.10'", and check in:


.ssh/authorized_keys


to make sure we haven't added extra keys that you weren't expecting.


Step Four : Try SSH login without Password to node2 :

[root@node1 ~]#     ssh root@192.168.0.10

Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local


I hope this article gives you some ideas and a quick guide on how to set up SSH login without a password on Linux CentOS / RHEL.
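ssh-copy-id asks you to check .ssh/authorized_keys for keys you were not expecting. The script below is an added example, not part of the original steps, that does that check on node2 and also verifies the file modes sshd requires; the function names and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ~/.ssh after ssh-copy-id. Function names are this example's own.
# Print "type blob comment" for each key entry in an authorized_keys file.
# A leading options field (e.g. from="192.168.0.9") is skipped by locating
# the first field that looks like a key type.
key_entries() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    print $i, $(i + 1), (i + 2 <= NF ? $(i + 2) : "(no-comment)")
                    next
                }
            print "UNPARSED", "-", "line-" NR
        }' "$1"
}

# Print "type comment" for entries whose blob is in none of the expected
# public-key files passed after the authorized_keys path.
unexpected_keys() {
    auth=$1; shift
    key_entries "$auth" | while read -r type blob comment; do
        known=no
        for pub in "$@"; do
            if awk -v b="$blob" '$2 == b { f = 1 } END { exit !f }' "$pub"; then known=yes; fi
        done
        if [ "$known" = no ]; then echo "$type $comment"; fi
    done
}

# sshd's StrictModes (default: yes) checks modes and ownership of the user's
# files; fail if ~/.ssh or authorized_keys is group- or world-writable.
perms_ok() {
    for p in "$1" "$1/authorized_keys"; do
        mode=$(stat -c '%a' "$p") || return 1
        case $mode in *[2367]?|*[2367]) return 1 ;; esac
    done
}

# Constructed sample data: placeholder blobs, not real keys.
d=$(mktemp -d); mkdir -m 700 "$d/.ssh"
echo 'ssh-rsa AAAAB3CONSTRUCTED1 root@node1.ehowstuff.local' > "$d/id_rsa.pub"
{ cat "$d/id_rsa.pub"
  echo 'from="192.168.0.9" ssh-ed25519 AAAAC3CONSTRUCTED2 unknown@elsewhere'
} > "$d/.ssh/authorized_keys"
chmod 600 "$d/.ssh/authorized_keys"
unexpected_keys "$d/.ssh/authorized_keys" "$d/id_rsa.pub"
perms_ok "$d/.ssh" && echo "permissions ok"
```

On a real host, pass ~/.ssh/authorized_keys and the .pub files of every key that is supposed to be authorized; any line the script prints is a key nobody accounted for.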

            ------------------------------------------------

# ssh root@192.168.0.1 -p 2244 

scp -r root@192.168.123.33:/root/Music/* /root/zz/ 

# scp -P 2322 file.txt  remote_username@10.10.0.2:/remote/directory 


Remote server IP    TO    own server

scp -r root@203.169.11.254:/home/u1/Maildir/new/*  /home/u1/Maildir/new/

Remote server IP    TO    own server

scp -r root@worldcm.net:/home/kamal/Maildir/cur/*  /home/u1/Maildir/cur/    # inbox mail [mail show Running Time]

chown -R u1:u1 /home/u1/Maildir/cur/    # [own server]


# cd /home                   [if copying a mailbox]

chown -R mamun:mamun mamun

/home/mamun/Maildir/cur       [mail inbox ]

/home/mamun/Maildir/.Sent/cur    [send mail]




                           -------------Rsync ---------------

#   yum -y install rsync*

 Copying the SSH-Key to the Remote Host

#  ssh-copy-id -i /root/.ssh/id_rsa.pub root@mail.abcd.com               [ copy file to remote server]

 # ssh-copy-id -i /root/.ssh/authorized_keys root@mail.abcd.com


     Port:  2526

ssh-copy-id -i /root/.ssh/id_rsa.pub  '-p 2526 root@192.168.117.2'

ssh-copy-id -i /root/.ssh/authorized_keys  '-p 2526 root@192.168.117.2'



                         Verifying the Login Without Password

 # ssh root@mail.abcd.com        [no password needed]


Simple File Transfer Examples

#  rsync  /home/simple.txt  root@x.x.x.x:/home

# rsync root@x.x.x.x:/home/pullme.txt  /home

Directory File Transfer

# rsync -rt /home/transfer_me root@x.x.x.x:/home

Copy/Sync a Directory on Local Computer

# rsync -avzh /root/rpmpkgs /tmp/backups/

Copy a Directory from Local Server to a Remote Server

# rsync -avzh /root/rpmpkgs root@192.168.0.141:/root/

Copy/Sync a Remote Directory to a Local Machine

# rsync -avzh root@192.168.0.141:/root/rpmpkgs /tmp/myrpms

Copy a File from a Remote Server to a Local Server with SSH

# rsync -avzhe ssh root@192.168.0.141:/root/anaconda-ks.cfg /tmp

Use of --include and --exclude Options

# rsync -avze ssh --include 'R*' --exclude '*' root@192.168.0.141:/var/lib/rpm/  /root/rpm

  rsync -avzhe ssh root@103.182.196.55:/home/accesstel/Maildir/cur/*.*  /home/accesstel/Maildir/cur

  rsync -avzhe ssh root@103.182.196.55:/home/accesstel/Maildir/.Sent/cur/*.* 

                   ----------------------------

   rsync -avzhe 'ssh -p 7575' root@192.168.117.2:/home/ithelpdesk/Maildir/cur/*.*  /home/ithelpdesk/Maildir/cur

  rsync -avzhe 'ssh -p 7575' root@192.168.117.2:/home/ithelpdesk/Maildir/.Sent/cur/*.*  /home/ithelpdesk/Maildir/.Sent/cur

 /home/accesstel/Maildir/.Sent/cur


# rsync -v -e 'ssh -p1070' root@10.10.10.2:/home/test.txt  /home

# rsync -v -e 'ssh -p2222' /home/test.txt  root@10.10.10.2:/home

                               ----- Copy From Remote Server to Client --------------------

rsync -arvz -e "ssh -p 7575" root@192.168.123.33:/root/Music/*  /root/zz/

rsync -arvzhe "ssh -p 7575" root@192.168.123.33:/root/Music/*  /root/zz/






rsync -avz -e 'ssh -p 1234' user@your-remote-server.com:/home/user/dir/
Transfer files from remote server to local:

#  rsync -avz your-user@your-remote-server.com:/home/user/dir/ /home/user/local-dir/

standard SSH port:

#  rsync -avz -e 'ssh -p 2510' your-user@your-remote-server.com:/home/user/dir/ /home/user/local-dir/

If SSH listens on a port other than 22, use the '-e' option to set the SSH port as follows.

# rsync -arvz -e "ssh -p 522"  /home/centos/sample-dir   remote-user@IP-address:/path/to/directory/

Use the '-i' option to set the identity file used to authenticate with remote servers as follows.

# rsync -arvz -e "ssh -p 522 -i /home/centos/identity.pem"  /home/centos/sample-dir   remote-user@IP-address:/path/to/directory/

Automatically Delete Source Files After Successful Transfer

# rsync --remove-source-files -zvh backup.tar.gz root@192.168.0.151:/tmp/backups/




-------------------



Step 4: Connect to SSH server on port # 2022 using SSH command:

ssh -p PortNumberHere user@server-name-here

ssh -p PortNumberHere user@server-name-here commandNameHere

ssh -p 2022 XYZ@192.168.1.5

ssh -p 2022 XYZ@192.168.1.5 df

To connect to an SSH server on port # 2022 using scp command type:

scp -P PortNumberHere source user@server-name-here:/path/to/dest

scp -P 2022 resume.pdf XYZ@nas01:/backups/personal/XYZ/files/

To connect to an SSH server on port # 2022 using sftp command type:

sftp -P PortNumberHere user@server-name-here

sftp -P 2022 XYZ@192.168.1.5

To connect to SSH server on port # 2022 using rsync command type:

Change SSH port number with rsync command:

rsync -av -e 'ssh -p PORT-NUMBER-HERE' source user@server-name

So, to backup /home/XYZ to server1.XYZ.net.in at port number 2022, enter:

rsync -av -e 'ssh -p 2022' /home/XYZ/ backupop@server1.XYZ.net.i















# create key-pair

[cent@dlp ~]$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/cent/.ssh/id_rsa):   # Enter or input changes if you want
Created directory '/home/cent/.ssh'.
Enter passphrase (empty for no passphrase):   # set passphrase (if set no passphrase, Enter with empty)
Enter same passphrase again:
Your identification has been saved in /home/cent/.ssh/id_rsa.
Your public key has been saved in /home/cent/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+EGzR05q/tnbBNmyaPOfsipDYz9ZAD6OrH4VmzfssPY cent@dlp.srv.world
The key's randomart image is:
.....
.....

[cent@dlp ~]$ ll ~/.ssh

total 8
-rw-------. 1 cent cent 1876 Sep 29 20:34 id_rsa
-rw-r--r--. 1 cent cent  400 Sep 29 20:34 id_rsa.pub

[cent@dlp ~]$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

[2]

Transfer the private key created on the Server to a Client; it is then possible to log in with Key-Pair authentication.

[cent@node01 ~]$ mkdir ~/.ssh

[cent@node01 ~]$ chmod 700 ~/.ssh

# transfer the private key to the local ssh directory

[cent@node01 ~]$ scp cent@dlp.srv.world:/home/cent/.ssh/id_rsa ~/.ssh/

cent@dlp.srv.world's password:
id_rsa                                        100% 1876   193.2KB/s   00:00

[cent@node01 ~]$ ssh cent@dlp.srv.world

Enter passphrase for key '/home/cent/.ssh/id_rsa':   # passphrase if you set
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Sun Sep 29 20:33:58 2019

[cent@dlp ~]$   # logged in

[3]

If you set [PasswordAuthentication no], it's more secure.

[root@dlp ~]# vi /etc/ssh/sshd_config

# line 73: change to [no]

PasswordAuthentication no

[root@dlp ~]# systemctl restart sshd
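
Editing one line does not guarantee that passwords are off: sshd keeps the first value it reads for a keyword, and a Match block can switch it back on for some connections. The check below is an added example, not part of the original procedure; its function names and both sample configurations are constructed, and it does not follow Include directives.

```shell
#!/bin/sh
# Added example: read PasswordAuthentication the way sshd does. Function names
# are this example's own; Include directives are not followed here.

# Global value: sshd uses the FIRST value it reads for a keyword, and "yes"
# is the built-in default. Stops at the first Match block.
global_password_auth() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # allow "Key=value"
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { v = tolower($2); exit }
        END { print (v == "" ? "yes" : v) }' "$1"
}

# Match blocks apply per connection and can turn passwords back on.
# Print the "Match ..." line of every block that does so.
match_overrides() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { m = $0; next }
        m != "" && tolower($1) == "passwordauthentication" && tolower($2) == "yes" { print m }
    ' "$1"
}

# Constructed samples. "shadowed": an earlier "yes" wins over the later "no".
cfg=$(mktemp -d)
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' '#PermitEmptyPasswords no' \
    'PasswordAuthentication no' > "$cfg/shadowed"
# "fixed": global value is "no", but a Match block re-enables passwords.
printf '%s\n' 'PasswordAuthentication no' 'Match Address 192.168.0.0/24' \
    '    PasswordAuthentication yes' > "$cfg/fixed"
for f in shadowed fixed; do
    echo "$f: global=$(global_password_auth "$cfg/$f")"
    match_overrides "$cfg/$f"
done
# On a live host, "sshd -t" validates the file before the restart and
# "sshd -T" prints the effective settings.
```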
