So to make a long story short, these are the steps:
On the host you want to do this from, do the following:
cd ~/.ssh
ssh-keygen -t rsa
scp /root/.ssh/id_rsa.pub remote-host:/root/.ssh/authorized_keys
This is what it will look like:
[root@linuxhost101 ~]# cd ~/.ssh
[root@linuxhost101 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
5f:27:29:4e:d9:87:99:02:5e:e7:ba:86:1e:7a:9d:c8 root@linuxhost101.domain.net
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . . . |
| . o = = |
| S = X o |
| + = + |
| ..++. |
| .E.+. |
| .o... |
+-----------------+
[root@linuxhost101 .ssh]#
Then in the above example, I wanted to copy this to another 64 hosts:
[root@linuxhost101 .ssh]# scp /root/.ssh/id_rsa.pub linuxhost102:/root/.ssh/authorized_keys
The authenticity of host 'linuxhost102 (10.22.176.2)' can't be established.
RSA key fingerprint is 1d:fa:90:54:9b:a3:59:a7:f9:12:85:09:0a:67:1b:d2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'linuxhost102' (RSA) to the list of known hosts.
Red Hat Enterprise Linux Server release 6.2 (Santiago)
Kernel 2.6.32-220.el6.x86_64 on an x86_64
Password:
id_rsa.pub 100% 416 0.4KB/s 00:00
[root@linuxhost101 .ssh]# scp /root/.ssh/id_rsa.pub linuxhost103:/root/.ssh/authorized_keys
That's it, now when you ssh or scp anything to the 2nd host from the first, it will not prompt you for a password.
Of course, if you want to do this from more than one host, then just add to the authorized_keys file rather than overwriting it, like this:
cat .ssh/id_rsa.pub | ssh root@192.168.3.102 'cat >> .ssh/authorized_keys'
IMPORTANT: There is a bug in CentOS 6 / SELinux that results in all client-presented keys being ignored when SELinux is set to Enforcing. To fix this, simply run:
[root@linux01 ~]# ssh root@192.168.3.102 'restorecon -R -v /root/.ssh'
Then it will work.
Or you can just disable SELinux altogether in /etc/selinux/config (you would then need to reboot).
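The append step and the restorecon fix described above, combined into one repeatable function. This is an added example, not part of the original post; the function name add_authorized_key is hypothetical, and it has to run on the host whose authorized_keys file is being changed.

```shell
#!/bin/sh
# Added example (not from the original post).
#
# add_authorized_key PUBKEY_FILE SSH_DIR
#   Append the single public key in PUBKEY_FILE to SSH_DIR/authorized_keys
#   without overwriting keys that are already there. Safe to run repeatedly.
# The body runs in a subshell, so umask and variables do not leak to the caller.
add_authorized_key() (
    pubkey_file=$1
    ssh_dir=$2
    auth=$ssh_dir/authorized_keys
    umask 077    # new files are owner-only, as sshd's StrictModes expects

    key=$(cat "$pubkey_file") || exit 1
    # Accept exactly one line that starts with a known public-key type.
    [ "$(printf '%s\n' "$key" | grep -c '')" -eq 1 ] ||
        { echo "expected exactly one key line" >&2; exit 1; }
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an SSH public key: $pubkey_file" >&2; exit 1 ;;
    esac

    # Tighten modes even when the directory or file already exists.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # If the last existing entry lacks a trailing newline, add one so the
    # new key is not glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only when this exact line is not present yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Reset SELinux labels where restorecon exists (the fix described above).
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$ssh_dir" || echo "warning: restorecon failed" >&2
    fi
    exit 0
)
```

Saved as add_key.sh (a hypothetical file name), it can be run against a remote host with `ssh root@linuxhost102 "$(cat add_key.sh); add_authorized_key /dev/stdin /root/.ssh" < ~/.ssh/id_rsa.pub`, which sends the function definition and the public key over the same connection.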
* Addition: if you wanted to do this for multiple hosts, you could add the following in ~/.ssh/config:
Host *
StrictHostKeyChecking no
or from command line: ssh -o StrictHostKeyChecking=no
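You then won't be prompted about whether you trust the host you are connecting to, because ssh adds unknown host keys to known_hosts automatically instead of asking you to verify them.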