On server1, create a user user01 with password user01:
# useradd user01
# passwd user01
On server2, create the same user with password user01:
# useradd user01
# passwd user01
On server1, connect as this new user:
# su - user01
Generate a private/public key pair for key-based authentication (here an RSA key with 2048 bits and no passphrase):
[user01@server1 ~]$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user01/.ssh/id_rsa):
Created directory '/home/user01/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user01/.ssh/id_rsa.
Your public key has been saved in /home/user01/.ssh/id_rsa.pub.
The key fingerprint is:
e7:75:b5:b4:01:d6:6d:b4:59:92:65:c9:2d:8c:db:a6 user01@server1.example.com
The key's randomart image is:
+-----[ RSA 2048]-------+
| =++O|
| o =*B|
| o B.|
| . +.+|
| S . .o.o |
| o .E. |
| . |
| |
| |
+-----------------------+
Send the public key to the server2 machine:
[user01@server1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub user01@server2.example.com
The authenticity of host 'server2.example.com (192.168.1.20)' can't be established.
RSA key fingerprint is 82:62:75:f9:80:06:58:91:ec:71:12:c1:4c:ce:d9:9b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server2.example.com,192.168.1.20' (RSA) to the list of known hosts.
user01@server2.example.com's password:
Now try logging into the machine, with "ssh 'user01@server2.example.com'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
On server2, edit the /etc/ssh/sshd_config file and set the following options:
PasswordAuthentication no
PubkeyAuthentication yes
Restart the sshd service:
# service sshd restart
On server1 as user01, connect to server2:
[user01@server1 ~]$ ssh server2.example.com
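A check for the sshd_config step above, as an added example that is not part of the original page: sshd keeps the first value it reads for each keyword, so a PasswordAuthentication no line appended below an existing PasswordAuthentication yes has no effect, and a line placed under a Match block is not a global setting. The function names and sample files are hypothetical and constructed here; the parser assumes the whitespace-separated "Keyword value" form and does not follow Include directives.

```shell
#!/bin/sh
# Added example: does an sshd_config text really enforce key-only logins?
# Rules modelled: first value per keyword wins, keywords are
# case-insensitive, lines after the first "Match" are conditional.

# Print the global value of keyword $2 in file $1, or default $3 if unset.
effective_opt() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        { key = tolower($1) }
        key == "match" { exit }                  # global section ends here
        key == want    { print $2; found = 1; exit }
        END { if (!found) print def }            # fall back to sshd default
    ' "$1"
}

# Return 0 only if passwords are off and public keys are on globally.
# Both options default to "yes" in OpenSSH when not set.
key_only_enforced() {
    [ "$(effective_opt "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_opt "$1" PubkeyAuthentication yes)" = "yes" ]
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
# 1. The two options exactly as set in this procedure.
printf 'PasswordAuthentication no\nPubkeyAuthentication yes\n' > "$tmp/good"
# 2. The new lines appended below an older "yes": the older line wins.
printf '# default\npasswordauthentication yes\nPasswordAuthentication no\nPubkeyAuthentication yes\n' \
    > "$tmp/shadowed"
# 3. The option placed under a Match block: only user01 is restricted.
printf 'PubkeyAuthentication yes\nMatch User user01\n    PasswordAuthentication no\n' \
    > "$tmp/matched"

for f in good shadowed matched; do
    if key_only_enforced "$tmp/$f"; then
        echo "$f: key-only logins enforced"
    else
        echo "$f: password logins not disabled globally"
    fi
done
```

On a live server2, running sshd -T as root prints the effective configuration after the restart, which also covers Include files that this sketch ignores.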