The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
To be able to use the OpenSSH utilities to access a remote system without supplying a password each time that you connect:
Use ssh-keygen to generate a public and private key pair, for example:

    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa): <Enter>
    Created directory '/home/user/.ssh'.
    Enter passphrase (empty for no passphrase): <Enter>
    Enter same passphrase again: <Enter>
    ...

Press Enter each time that the command prompts you to enter a passphrase.

Use the ssh-copy-id script to append the public key in the local ~/.ssh/id_rsa.pub file to the ~/.ssh/authorized_keys file on the remote system, for example:

    $ ssh-copy-id remote_user@host
    remote_user@host's password: remote_password
    Now try logging into the machine, with "ssh 'remote_user@host'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

When prompted, enter your password for the remote system.

The script also changes the permissions of ~/.ssh and ~/.ssh/authorized_keys on the remote system to disallow access by your group.

You can now use the OpenSSH utilities to access the remote system without supplying a password. As the script suggests, you should use ssh to log into the remote system to verify that the ~/.ssh/authorized_keys file contains only the keys for the systems from which you expect to connect. For example:

    $ ssh remote_user@host
    Last login: Thu Jun 13 08:33:58 2013 from local_host
    host$ cat .ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6OabJhWABsZ4F3mcjEPT3sxnXx1OoUcvuCiM6fg5s/ER ... FF488hBOk2ebpo38fHPPK1/rsOEKX9Kp9QWH+IfASI8q09xQ== local_user@local_host
    host$ logout
    Connection to host closed.
    $

Verify that the permissions on the remote ~/.ssh directory and ~/.ssh/authorized_keys file allow access only by you:

    $ ssh remote_user@host ls -al .ssh
    total 4
    drwx------+ 2 remote_user group   5 Jun 12 08:33 .
    drwxr-xr-x+ 3 remote_user group   9 Jun 12 08:32 ..
    -rw-------+ 1 remote_user group 397 Jun 12 08:33 authorized_keys
    $ ssh remote_user@host getfacl .ssh
    # file: .ssh
    # owner: remote_user
    # group: group
    user::rwx
    group::---
    mask::rwx
    other::---
    $ ssh remote_user@host getfacl .ssh/authorized_keys
    # file: .ssh/authorized_keys
    # owner: remote_user
    # group: group
    user::rw-
    group::---
    mask::rwx
    other::---

If necessary, correct the permissions:

    $ ssh remote_user@host 'umask 077; /sbin/restorecon .ssh'
    $ ssh remote_user@host 'umask 077; /sbin/restorecon .ssh/authorized_keys'

Note: If your user names are the same on the client and the server systems, you do not need to specify your remote user name and the @ symbol.

If your user names are different on the client and the server systems, create a ~/.ssh/config file with permissions 600 on the remote system that defines your local user name, for example:

    $ ssh remote_user@host echo -e "Host *\\\nUser local_user" '>>' .ssh/config
    $ ssh remote_user@host cat .ssh/config
    Host *
    User local_user
    $ ssh remote_user@host 'umask 077; /sbin/restorecon .ssh/config'

You should now be able to access the remote system without needing to specify your remote user name, for example:

    $ ssh host ls -l .ssh/config
    -rw-------+ 1 remote_user group 37 Jun 12 08:34 .ssh/config
    $ ssh host getfacl .ssh/config
    # file: .ssh/config
    # owner: remote_user
    # group: group
    user::rw-
    group::---
    mask::rwx
    other::---

For more information, see the ssh-copy-id(1), ssh-keygen(1), and ssh_config(5) manual pages.
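
The two checks in the procedure above (no group or other access to ~/.ssh and authorized_keys, and no keys you do not expect) can be run in one pass on the remote system. The following is an added example, not part of the Oracle documentation; the function names and the expected-keys file are hypothetical, and GNU stat and grep are assumed.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumes GNU stat and grep on the remote host.

# no_group_other PATH: succeed only if group and other have no permission bits.
no_group_other() {
    mode=$(stat -c %a "$1") || return 2
    case $mode in *00) return 0 ;; *) return 1 ;; esac
}

# key_blobs FILE: print "type base64-key" per key line, skipping blank lines,
# comments and any options that precede the key type.
key_blobs() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); break }
    }' "$1"
}

# audit_ssh_dir DIR EXPECTED: EXPECTED (hypothetical file) holds the public key
# lines you expect. Prints findings; returns 1 if there are any.
audit_ssh_dir() {
    dir=$1 rc=0
    for p in "$dir" "$dir/authorized_keys"; do
        no_group_other "$p" || { echo "PERMS $p"; rc=1; }
    done
    want=$(mktemp) || return 2
    key_blobs "$2" > "$want"
    # Compare key material, not the trailing comment, which anyone can set.
    extra=$(key_blobs "$dir/authorized_keys" | grep -vxF -f "$want" || true)
    rm -f "$want"
    if [ -n "$extra" ]; then
        echo "$extra" | sed 's/^/UNEXPECTED /'
        rc=1
    fi
    return $rc
}

# Demo on constructed data (made-up key strings): one extra key, loose mode.
demo() {
    t=$(mktemp -d) && mkdir -m 700 "$t/.ssh" || return 2
    echo 'ssh-rsa AAAAexpected local_user@local_host' > "$t/expected"
    printf '%s\n' 'ssh-rsa AAAAexpected a@b' 'ssh-rsa AAAAother a@b' \
        > "$t/.ssh/authorized_keys"
    chmod 640 "$t/.ssh/authorized_keys"
    audit_ssh_dir "$t/.ssh" "$t/expected"; r=$?
    rm -rf "$t"; return $r
}

demo || true
```

The mode check reads only the permission bits, so ACL entries (the + shown by ls) still need the getfacl check from the procedure.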