I don't understand the theory properly, so I often forget it and check it many times: SSH connection without a password.
This post is just a reorganization of the contents of the easy-to-understand site that my seniors have uploaded in the past so that I can easily understand it. Thank you to all my seniors.
When connecting by ssh from one machine to multiple machines running various OSes, I want to access them without typing the password. The public-key connection procedure is summarized here with the aim of executing remote commands, rather than merely making interactive login easier.
The configuration assumed this time is as follows.

[Connection source]

Machine | IP address |
---|---|
Linux(CentOS) | 192.168.10.100 |

[Connection destination]

Machine | IP address |
---|---|
Linux(CentOS) | 192.168.10.101 |
VMware ESXi | 192.168.10.200 |
Windows 10 Pro | 192.168.10.201 |
On the connection source server, create a private key / public key pair and pass the public key to each connection destination. That is all there is to it.
So, first log in to the connection source server and make a key pair. Log in to the connection source Linux as the root user, then generate the key with the following command. If you want an RSA key, you do not need to specify the key type.
```
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@hostname
```
You will be prompted to set a key storage file and passphrase. The default location for the key is /root/.ssh/id_rsa, so simply press Enter. The passphrase is empty because I want to use it for automation later. Simply press Enter.
Confirm that the key has been generated.
```
# cd .ssh
# ls
id_rsa id_rsa.pub known_hosts
```
You now have a private key, id_rsa, and a public key, id_rsa.pub.
First, the procedure for Linux (CentOS 7). It is assumed that sshd of the connection destination Linux server is enabled.
Pass the public key created at the connection source to the connection destination Linux.
I used scp to hand over the keys. Of course, at this stage, the public key is not used, so enter the password.
Run at the connection source:
```
# scp /root/.ssh/id_rsa.pub root@192.168.10.101:/root/
```
Log in to the destination Linux as root and add the passed public key to .ssh/authorized_keys.
Run at the connection destination:
```
# mkdir .ssh
# chmod 700 .ssh
# cat id_rsa.pub >> .ssh/authorized_keys
# rm id_rsa.pub
```
Modify one part of sshd_config on the connection destination.
Run at the connection destination:
```
# vi /etc/ssh/sshd_config
```
Only one line, the one for public key authentication, needs changing: just remove the # at the beginning.
In /etc/ssh/sshd_config on the connection destination:
```
PubkeyAuthentication yes
```
After rewriting, restart the service.
```
# systemctl restart sshd
```
Now you can ssh from the source Linux to the destination Linux without being asked for a password.
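The destination-side key installation above for the Linux host, as an added example that is not part of the original post: an idempotent function, so repeating the procedure does not duplicate the key and authorized_keys ends up readable only by its owner. The function name `install_pubkey` and the sample key are constructed for illustration.

```sh
# install_pubkey PUBKEY_FILE HOME_DIR   (hypothetical helper, not from the post)
# Appends the key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys unless it is
# already there, and sets owner-only permissions on the directory and the file.
install_pubkey() (
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys
    umask 077                          # anything created below is private

    # Read the first line; tolerate a missing trailing newline
    IFS= read -r key < "$pub" || [ -n "$key" ] || exit 1
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; exit 1 ;;
    esac

    mkdir -p "$sshdir" || exit 1
    chmod 700 "$sshdir"                # sshd StrictModes checks these modes
    touch "$auth"
    chmod 600 "$auth"

    # -x whole line, -F fixed string: append only if the key is not present
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
)

# Demo in a scratch directory with a constructed (not real) key
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCONSTRUCTED root@source' \
    > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"   # repeat run appends nothing
grep -c . "$demo/home/.ssh/authorized_keys"      # number of keys installed
rm -rf "$demo"
```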
Next, the settings for VMware ESXi 6.7 update 3.
The ESXi sshd service is disabled by default, so enable it.
- Open a browser and access the target ESXi.
- Open Host > Administration > Services.
- Select TSM-SSH and click Action.
- Select Policy, then select Start and stop in conjunction with the host.
- Keep TSM-SSH selected and click the Start button.

This starts the sshd service, and the service will also come up the next time ESXi restarts.
Pass the public key created at the connection source to the connection destination ESXi. Again, use scp.
Run at the connection source:
```
# scp /root/.ssh/id_rsa.pub root@192.168.10.200:/
```
Log in to the connection destination ESXi as root with ssh, and add the passed public key to /etc/ssh/keys-root/authorized_keys.
Run on the connection destination (ESXi):
```
~] cat id_rsa.pub >> /etc/ssh/keys-root/authorized_keys
```
ESXi does not require a service restart, so this completes the ESXi setup.
If you are using Windows 10 version 1803 or later, you can add the sshd service. The steps to add it are as follows.
- Right-click the Start menu and click Settings.
- Click Windows Settings > Apps.
- Click Optional Features in Apps and Features.
- Click Add Function.
- Select OpenSSH Server and click the Install button that appears.
- Close with the x button at the top right of the screen.

Installing the service does not activate it, so enable it as follows.
- Enter "service" in the search box and open the Service screen.
- Find the service named OpenSSH SSH Server and open its properties.
- Startup type: select Auto, then click the Apply button and the OK button.

Pass the public key created at the connection source to Windows 10 at the connection destination using scp again. The user name on Windows 10 is Tech.
Run at the connection source:
```
# scp /root/.ssh/id_rsa.pub Tech@192.168.10.201:/
```
Now that the public key has been copied to Windows 10, we will operate it on the Windows 10 side.
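Open PowerShell and write the received public key to .ssh/authorized_keys under the user's home directory.
Run on the connection destination (Windows 10):
```
# ">>" in Windows PowerShell writes UTF-16, which sshd cannot parse as a key file;
# Add-Content -Encoding ascii keeps authorized_keys plain text.
> mkdir .ssh
> Get-Content C:\id_rsa.pub | Add-Content -Path .ssh\authorized_keys -Encoding ascii
```
The configuration file is C:\ProgramData\ssh\sshd_config. At first, I searched for where it was...
In this file, uncomment one line and comment out two lines.
Specifically, uncomment the setting that enables public key authentication, and comment out the two lines that point members of the administrators group at the administrators_authorized_keys file under ProgramData, so that the authorized_keys file under the user's home is used.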
Original:
```
#PubkeyAuthentication yes
(omitted)
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
```
↓
After change:
```
PubkeyAuthentication yes
(omitted)
#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
```
After this, restart the sshd service.
Now you can ssh to Windows without a password.
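To check which key file sshd will consult for an administrator account before and after the Windows change above, the following added example (not from the original post) parses an sshd_config copy and reports the active settings. The function name `pubkey_report` and both sample files are constructed here, mirroring the fragments shown above.

```sh
# pubkey_report CONFIG   (hypothetical helper, not from the post)
# Prints two lines:
#   pubkey=<value>     explicit global PubkeyAuthentication, or "default" when
#                      the line is absent or commented out
#   admin_keys=<path>  AuthorizedKeysFile set under "Match Group administrators",
#                      or "per-user" when that block is inactive
pubkey_report() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*#/ || NF == 0 { next }          # commented or blank: inactive
        tolower($1) == "match" {
            in_match = 1
            in_admin = (tolower($2) == "group" && tolower($3) == "administrators")
            next
        }
        !in_match && pubkey == "" && tolower($1) == "pubkeyauthentication" {
            pubkey = tolower($2)                # first global value wins
        }
        in_admin && tolower($1) == "authorizedkeysfile" { admin = $2 }
        END {
            print "pubkey=" (pubkey == "" ? "default" : pubkey)
            print "admin_keys=" (admin == "" ? "per-user" : admin)
        }
    ' "$1"
}

# Constructed samples mirroring the "original" and "after change" fragments
tmp=$(mktemp -d)
cat > "$tmp/original" <<'EOF'
#PubkeyAuthentication yes
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
EOF
cat > "$tmp/changed" <<'EOF'
PubkeyAuthentication yes
#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
EOF
pubkey_report "$tmp/original"
pubkey_report "$tmp/changed"
rm -rf "$tmp"
```

With the original file, a key placed only in the user's .ssh/authorized_keys is not the one checked for an administrators-group account, which is why the post comments the Match block out.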
https://qiita.com/Tanaaaaan/items/50c3f0ddc15c40b750d2
https://sig9.hatenablog.com/entry/2015/05/27/185218
http://ttm.jimba.ddo.jp/adiary.cgi/teraterm/0147
https://www.atmarkit.co.jp/ait/articles/1903/28/news005.html