Generating a new SSH key and adding it to the ssh-agent

09.12.2021


After you have checked for existing SSH keys, you can generate a new SSH key to use for authentication, then add it to the ssh-agent. That is more comfortable to use.

If you don’t already have an SSH key, you must generate a new SSH key. If you’re unsure whether you already have an SSH key, check for existing keys.

If you don’t want to re-enter your passphrase every time you use your SSH key, you can add your key to the SSH agent, which manages your SSH keys and remembers your passphrase. Alternatively, you can generate a key without a passphrase, but that is less secure: anyone who obtains the private key file can use it immediately.

Generating a new SSH key

  1. Open Terminal.

  2. Paste the text below, substituting in your GitHub email address.

    ssh-keygen -t rsa -b 4096 -C "[email protected]"

    This creates a new ssh key, using the provided email as a label.

    Generating public/private rsa key pair.

  3. When you are prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location.

    Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter]

  4. At the prompt, type a secure passphrase. For more information, see: “Working with SSH key passphrases”.

    Enter passphrase (empty for no passphrase): [Type a passphrase]
    Enter same passphrase again: [Type passphrase again]

Adding your SSH key to the ssh-agent (Linux)

Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key.

  1. Start the ssh-agent in the background.

    eval "$(ssh-agent -s)"
    Agent pid 59566

  2. Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_rsa in the command with the name of your private key file.

    ssh-add ~/.ssh/id_rsa
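The agent workflow above, as an added example that is not part of the original page: the script below generates a passphrase-protected key in a scratch directory, starts a private ssh-agent, loads the key without a terminal prompt by handing the passphrase to ssh-add through an SSH_ASKPASS helper, and then checks with `ssh-add -l` that the agent holds exactly that key. The function names (make_key, add_key_noninteractive, demo) and the passphrase are constructed for the example; it assumes OpenSSH 8.4 or newer for SSH_ASKPASS_REQUIRE, and it uses an ed25519 key where the page uses `rsa -b 4096` (either works the same way).

```shell
#!/bin/sh
# Added example, not from the original page: generate a passphrase-protected
# key in a scratch directory, start a private ssh-agent, load the key without
# a terminal prompt, and confirm the agent now holds exactly that key.
# Assumes OpenSSH 8.4 or later (SSH_ASKPASS_REQUIRE) and mktemp(1).
set -u

# Generate a key pair at $1 protected by passphrase $2 (ed25519 here; the
# page's "ssh-keygen -t rsa -b 4096" behaves identically).
make_key() {
  ssh-keygen -q -t ed25519 -N "$2" -C "demo key (constructed)" -f "$1"
}

# SHA256 fingerprint of public key $1, in the form both ssh-keygen -l and
# ssh-add -l print (and the form sshd logs when it accepts a key).
fingerprint_of() {
  ssh-keygen -lf "$1" | awk '{ print $2 }'
}

# Start a throwaway agent for this shell. SSH_AUTH_SOCK and SSH_AGENT_PID are
# exported by the eval, exactly like the page's eval "$(ssh-agent -s)".
start_agent() {
  eval "$(ssh-agent -s)" >/dev/null
}

stop_agent() {
  ssh-agent -k >/dev/null 2>&1 || true
}

# Load private key $1 into the agent, reading its passphrase from file $2.
# SSH_ASKPASS_REQUIRE=force makes ssh-add call the helper instead of the tty,
# which is how unattended loading (e.g. at login) is normally automated.
add_key_noninteractive() {
  helper=$(mktemp)
  printf '#!/bin/sh\ncat "%s"\n' "$2" > "$helper"
  chmod 700 "$helper"
  if SSH_ASKPASS="$helper" SSH_ASKPASS_REQUIRE=force \
     ssh-add "$1" </dev/null >/dev/null 2>&1; then
    rc=0
  else
    rc=1
  fi
  rm -f "$helper"
  return $rc
}

# True when the running agent lists the fingerprint of public key $1.
agent_has_key() {
  ssh-add -l 2>/dev/null | grep -qF -- "$(fingerprint_of "$1")"
}

# Full round trip; prints "loaded" and returns 0 when the key is in the agent.
# The agent is killed and the scratch key removed before returning.
demo() {
  work=$(mktemp -d)
  printf '%s' 'correct horse battery staple (constructed passphrase)' > "$work/pass"
  chmod 600 "$work/pass"
  result=1
  if make_key "$work/id_demo" "$(cat "$work/pass")"; then
    start_agent
    if add_key_noninteractive "$work/id_demo" "$work/pass" \
       && agent_has_key "$work/id_demo.pub"; then
      echo loaded
      result=0
    fi
    stop_agent
  fi
  rm -rf "$work"
  return $result
}

# Run the round trip when invoked as: sh agent-demo.sh run
case ${1:-} in run) demo ;; esac
```

Run it as `sh agent-demo.sh run`. The check is by fingerprint rather than by file name: `ssh-add -l` and `ssh-keygen -lf` print the same SHA256 form, so the same comparison tells you which loaded identity a server accepted when you read its auth log.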

How to establish passwordless ssh between two servers

Step by step guide to establish passwordless ssh in two Unix or Linux servers. Authenticate securely using public and private keys.


If you are working in an infrastructure with hundreds of Linux or Unix servers, you must be spending a lot of time managing them. To deal with such a large number of servers, passwordless SSH becomes a must-do practice. With passwordless SSH, remote execution of scripts and commands, syncing files via scp and similar tasks become very easy.

Passwordless SSH does not compromise security. You use a pair of user-generated keys for authentication, so your security is not weakened; the private key simply has to be protected as carefully as a password would be. It is completely secure; the only difference is that you are authenticated by already saved keys rather than by a password typed by a human. This removes the dependency on entering a password and hence lets the whole process run non-interactively.

Let’s see how to set up passwordless SSH between two servers:

Step 1:

Create your SSH key pair on the source machine. This is the machine from which you will be doing passwordless SSH to the destination machine.

Use the command below:

    ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/tux4/.ssh/id_rsa):
    Created directory '/home/tux4/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/tux4/.ssh/id_rsa.
    Your public key has been saved in /home/tux4/.ssh/id_rsa.pub.
    The key fingerprint is:
    ad:1e:14:a5:cd:77:15:29:9f:75:ee:4f:a4:8f:f5:64 tux4@server1
    The key's randomart image is:
    +--[ RSA 2048]----+
    |          .   ...|
    |         =  . .oo|
    |        o o .o.+.|
    |         o . .o o|
    |        S .    + |
    |       . .    . E|
    |        o      *+|
    |       . .    . +|
    |        .        |
    +-----------------+

Note that your key pair consists of the files id_rsa and id_rsa.pub in the directory shown. id_rsa is the private key, which stays on the source machine; id_rsa.pub is the public key, which is placed on the destination machine. When an SSH connection is attempted from source to destination, the server checks that the client can prove possession of the private key matching one of the public keys it has stored. If so, the connection is established without asking for a password.


Step 2:

Now we need to copy the id_rsa.pub key to the destination machine. It must go into the home directory of the intended user on the destination server, under ~/.ssh/ (i.e. home directory/.ssh/), in a file named authorized_keys. You can copy the file using the shell or any other file transfer program.

If you are doing this from the source machine over SSH, use the commands below:

    ssh [email protected] "mkdir ~/.ssh"
    The authenticity of host '10.10.5.12 (10.10.5.12)' can't be established.
    RSA key fingerprint is 08:6c:51:09:0c:4c:69:34:84:ef:08:af:68:df:5e:26.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.10.5.12' (RSA) to the list of known hosts.
    [email protected]'s password:

    cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
    [email protected]'s password:

    ssh [email protected] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
    [email protected]'s password:

Here, the first command creates the .ssh directory on the destination machine. The second command appends the content of id_rsa.pub to the file ~/.ssh/authorized_keys on the destination machine, and the last command sets proper permissions.


Step 3:

You are done! Try SSH from source to destination and it will go through without a password!

    ssh [email protected]
    Last login: Mon Oct 4 22:59:00 2017 from 10.10.5.11
    [tux4@server2 ~]$


This method works for all Linux and Unix variants of the SSH protocol. You can also configure it for different users on source and destination. One machine can have more than one authorized key (one key per source machine); that is why we appended the id_rsa.pub content to the authorized_keys file instead of overwriting it.
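Step 2's permission changes and the append-not-overwrite point just above are the conditions sshd actually checks, so here is an added example (not from the original page) that audits a .ssh directory for them: directory mode 700, authorized_keys and private keys not accessible to others, and public keys that appear more than once because id_rsa.pub was appended repeatedly. It builds its own deliberately sloppy fixture with fake key material so it runs offline; the function names and the fixture are constructed, and it assumes GNU coreutils (`stat -c`) and a POSIX awk.

```shell
#!/bin/sh
# Added example, not from the original page: audit a ~/.ssh directory for the
# conditions sshd checks (StrictModes) before it trusts authorized_keys, and
# flag duplicate entries left by repeatedly appending id_rsa.pub.
# Assumes GNU coreutils (stat -c) and a POSIX awk.

# Print one WARN line per finding for the .ssh directory given as $1.
audit_ssh_dir() {
  dir=$1
  ak=$dir/authorized_keys

  # The directory must be private: sshd rejects it if group/world writable,
  # and 700 is the conventional setting (the page's "chmod 700 .ssh").
  case "$(stat -c '%A' "$dir")" in
    d???------) ;;
    *) echo "WARN $dir is not mode 700 ($(stat -c '%a' "$dir"))" ;;
  esac

  if [ -f "$ak" ]; then
    # sshd ignores an authorized_keys that others can write to (group write is
    # character 6 of the symbolic mode, world write is character 9).
    case "$(stat -c '%A' "$ak")" in
      ?????w*|????????w*)
        echo "WARN $ak is group/world writable ($(stat -c '%a' "$ak"))" ;;
    esac
    # Same public key listed more than once: harmless to sshd, but a sign that
    # "cat id_rsa.pub >> authorized_keys" was run repeatedly.
    awk '
      /^#/ || /^[[:space:]]*$/ { next }
      { for (i = 1; i < NF; i++)
          if ($i ~ /^(ssh-|ecdsa-|sk-)/) { seen[$(i+1)]++; break } }
      END { for (k in seen) if (seen[k] > 1)
              print "WARN duplicate authorized_keys entry (" seen[k] "x): " substr(k, 1, 20) "..." }
    ' "$ak"
  fi

  # Private keys must be readable only by their owner, or ssh refuses them
  # ("UNPROTECTED PRIVATE KEY FILE").
  for key in "$dir"/id_*; do
    [ -f "$key" ] || continue
    case $key in *.pub) continue ;; esac
    case "$(stat -c '%A' "$key")" in
      ????------) ;;
      *) echo "WARN private key $key is readable by others ($(stat -c '%a' "$key"))" ;;
    esac
  done
}

# Constructed fixture: a deliberately sloppy .ssh directory. The key blobs are
# fake base64, not real keys; only their repetition matters to the audit.
make_fixture() {
  d=$(mktemp -d)
  chmod 755 "$d"
  printf '%s\n' \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOneXXXXXXXXXXXXXXXXXXXX tux4@server1' \
    'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedKeyTwoXXXXXXXXXXXXXXXXXXXX tux4@laptop' \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOneXXXXXXXXXXXXXXXXXXXX tux4@server1' \
    > "$d/authorized_keys"
  chmod 664 "$d/authorized_keys"
  printf 'not a real key\n' > "$d/id_rsa"
  chmod 644 "$d/id_rsa"
  echo "$d"
}

# Number of findings for the fixture above: directory mode, writable
# authorized_keys, one duplicated key, readable private key (expected: 4).
fixture_finding_count() {
  d=$(make_fixture)
  n=$(audit_ssh_dir "$d" | grep -c '^WARN')
  rm -rf "$d"
  echo "$n"
}
```

To audit a real account, call `audit_ssh_dir ~/.ssh`. Note that sshd's StrictModes also requires the home directory itself not to be group/world writable, which is outside the .ssh directory this script inspects.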
