
A blog about software development best practices, how-tos, and tips from practitioners.

How to Create Keyless SSH Authentication between Linux Instances


Business today evolves with evolving technologies, business strategies, concepts, and tools. Business process automation is one such trend that has revolutionized the handling of repetitive tasks throughout the organization. Automation helps businesses grow and enhances the way they operate by improving production time.

In an automated job, a process running on the root machine may have to access remote machines to fetch details from them or execute programs on them. However, the remote machines are password protected. By automating the login process to a remote machine, several hours of manual work can be eliminated. Here we propose an approach that connects two Linux machines without direct user intervention.

A very common approach is accessing the remote machine via the SSH (Secure Shell) protocol. This method ensures a secure remote login from one machine to another with strong authentication. It also secures the communication and ensures integrity through strong encryption. It comes as an alternative to insecure file transfer methods like FTP and non-protected login protocols like rlogin and telnet. In the SSH protocol, authentication can be achieved through public-key authentication or password authentication.

Here we choose public-key authentication since it is primarily used for automation. Public-key authentication lets you log in from one machine to another using the ssh -i parameter with a ".pem" key file.

  • ssh -i "abc.pem" user@ip

However, our intention is to log in to the remote system without passing the -i parameter (key file) in the ssh command: the keyless SSH authentication system.

SSH Connection between two Linux Machines

The SSH protocol offers Linux users easy console access to any machine over a network. The best way to enhance the SSH experience on your Linux machine is to enable root SSH login.

For security reasons, SSH disables root login by default. If you handle a considerable number of machines and need constant root access for running automation scripts, you must turn on this feature.

First, log in to the machine on which you want to enable root over SSH. You need to add a user account on the remote machine. Open up a terminal and add the new user.

  • useradd USERNAME
  • passwd USERNAME

Once the authentication tokens are updated, you need to enable root login. Elevate the connection to root access by logging in through su.

  • sudo su -

The sudo (Super User Do) command temporarily elevates your regular user privileges for administrative tasks. Next, using vi, open the configuration file of the SSH server as shown below:

  • vi /etc/ssh/sshd_config

Look through the config file and find the "PermitRootLogin" and "PasswordAuthentication" lines. They may have the value no; change that to yes.

  • PasswordAuthentication yes
  • PermitRootLogin yes

Root login is now enabled. To apply these changes, restart your SSH daemon.

  • service sshd restart
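
A check for the two directives edited above, as an added example that is not part of the original article. It reports the value sshd takes from a config file, so the setting can be confirmed before the restart and again when it is changed back; the function names and the sample file are constructed for the illustration, and only the plain "Keyword value" form in a single file is handled.

```sh
#!/bin/sh
# Added example, not from the original article. The sample file is constructed.
# sshd uses the FIRST value it reads for a keyword and treats keywords as
# case-insensitive, so a later line does not override an earlier one.
# Assumptions: one file, "Keyword value" form; Include and Match are not followed.

effective_value() {   # usage: effective_value KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/        { next }   # comment line
        tolower($1) == "match"  { exit }   # conditional blocks start here
        tolower($1) == want     { print tolower($2); exit }
    ' "$2"
}

audit_sshd_config() {  # prints both directives; returns 1 if either is "yes"
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$key" "$1")
        [ -n "$val" ] || val="(not set, built-in default applies)"
        if [ "$val" = "yes" ]; then
            echo "$key = yes   <- accepted over the network"
            rc=1
        else
            echo "$key = $val"
        fi
    done
    return "$rc"
}

SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
EOF

# The trailing "PasswordAuthentication no" has no effect: the earlier line wins.
audit_sshd_config "$SAMPLE" || echo "review before leaving this host unattended"
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, including included files.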

With root login enabled, you can now log in to the remote system with the user name that you added at the beginning.

  • ssh new_user@ip

However, remember that we have enabled password authentication to ensure security; hence, it will ask you to enter the password. The next step we need to concentrate on is removing the password dependency.

Log in to the remote server

  • ssh root_user@ip

Again, elevate the connection to root access

  • sudo su -

To permit the new_user to execute all commands through sudo without a password, you need to open the sudoers file in the vi editor:

  • vi /etc/sudoers

Then add the following line, which grants the new user root privileges

  • new_user ALL=(ALL) NOPASSWD: ALL

After configuring this sudo entry, log out from the root user and try to log in with the new user name without a password.

  • ssh new_user@ip

As of now, you can log in to the remote system with the new user name without a password. However, we need to configure the system so that you can log in without user interaction and without being asked for a password. You should be in the new user's home directory; check it with the command below.

  • pwd
  • /home/new_user

To ensure secure automation, generate SSH keys for new_user

  • ssh-keygen

By default, this command creates the private and public key files in /home/new_user/.ssh/, named id_rsa and id_rsa.pub.

Once the keys are generated, you need to share the public key with the other machine for keyless authentication.

  • ssh-copy-id -i [path of id_rsa.pub on the local / host machine] new_user@private_ip_of_another_machine
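
A check for the most common reason key login still prompts for a password after the key has been copied, as an added example that is not part of the original article. The function names and the demonstration directory are constructed; only write permissions are examined, not file ownership, which sshd also checks.

```sh
#!/bin/sh
# Added example, not from the original article; the directory tree is built
# here for the demonstration. With StrictModes (sshd's default) the server
# ignores authorized_keys when the home directory, ~/.ssh or the file itself
# is writable by group or others, and the login drops back to a password prompt.

not_loosely_writable() {   # succeeds when $1 has no group/other write bit
    perms=$(ls -ld "$1" | cut -c1-10)      # e.g. drwx------
    case $perms in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

check_key_setup() {        # usage: check_key_setup /home/new_user
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1
        elif ! not_loosely_writable "$p"; then
            echo "group/world-writable: $p"; bad=1
        else
            echo "ok: $p"
        fi
    done
    return "$bad"
}

DEMO_HOME=$(mktemp -d)                      # stands in for /home/new_user
mkdir "$DEMO_HOME/.ssh"
: > "$DEMO_HOME/.ssh/authorized_keys"
chmod 775 "$DEMO_HOME/.ssh"                 # too open: key login would be refused
check_key_setup "$DEMO_HOME" || echo "-> fix permissions"
chmod 700 "$DEMO_HOME/.ssh"
chmod 600 "$DEMO_HOME/.ssh/authorized_keys"
check_key_setup "$DEMO_HOME" && echo "-> permissions accepted by StrictModes"
```

After copying the key, `ssh -o BatchMode=yes new_user@ip true` fails instead of prompting, which is the behaviour an unattended job should be tested against.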

Through these steps, you can enjoy keyless connections between two AWS instances or Linux machines. As the username and password are not required during login, you can log in to the remote machine using automation tools or from within scripts that you want to run unattended. The SSH protocol is secure and you can now transfer any sensitive files and data to your remote system.
