Linux: SSH connection without password (RSA public-key)



Configuring an SSH connection based on public key authentication can be very useful for scripting and automating tasks, because the SSH sessions can then be non-interactive.

This particular example configures a Nagios system to connect to a Checkpoint VSX, but the same steps can be used to connect to any system running the SSH daemon (sshd).

So, in this case we want to connect from the 'debiannagios' host as the 'nagios' user to the Checkpoint 'VSX1' host as the 'admin' user.

A password based connection would be…

nagios@debiannagios:~$ ssh admin@vsx1
This system is for authorized use only.
admin@vsx1's password:
Last login: Tue Nov 10 17:20:28 2015 from 10.2.2.2
[Expert@vsx1:0]#

But we don't want to be prompted for the password.
So, to enable public key authentication, let's follow these steps:

Create the key pair (without passphrase):

nagios@debiannagios:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/run/nagios3/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/run/nagios3/.ssh/id_rsa.
Your public key has been saved in /var/run/nagios3/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX nagios@debiannagios
The key's randomart image is:
+--[ RSA 2048]----+
|..o       ...    |
|.. o     . o     |
...
...

Let's see the recently created key files:

nagios@debiannagios:~$ ls /var/run/nagios3/.ssh/id_rsa* -l
-rw------- 1 nagios nagios 1675 2015-11-10 17:21 /var/run/nagios3/.ssh/id_rsa
-rw-r--r-- 1 nagios nagios  401 2015-11-10 17:21 /var/run/nagios3/.ssh/id_rsa.pub

id_rsa is the private key
id_rsa.pub is the public key

Now, we must add the public key to the .ssh/authorized_keys file of the 'admin' user on the Checkpoint system.

But first of all, we'll create the .ssh directory and assign it the proper permissions (it may already exist; that is no problem).

nagios@debiannagios:~$ ssh admin@vsx1 'mkdir -p .ssh'
This system is for authorized use only.
admin@vsx1's password:

nagios@debiannagios:~$ ssh admin@vsx1 'chmod 700 .ssh/'
This system is for authorized use only.
admin@vsx1's password:
nagios@debiannagios:~$

Now we can add the public key to the authorized_keys file…

nagios@debiannagios:~$ cat /var/run/nagios3/.ssh/id_rsa.pub | ssh admin@vsx1 'cat >> .ssh/authorized_keys'
This system is for authorized use only.
admin@vsx1's password:

…and assign it the permissions

nagios@debiannagios:~$ ssh admin@vsx1 'chmod 600 .ssh/authorized_keys'
This system is for authorized use only.
admin@vsx1's password:
nagios@debiannagios:~$

Trying to establish an SSH connection now, we see there is no password prompt!

nagios@debiannagios:~$ ssh admin@vsx1
This system is for authorized use only.
Last login: Tue Nov 10 17:30:07 2015 from 10.2.2.2

These steps, excluding the key generation (the ssh-keygen command), can be repeated to configure public-key based SSH authentication with other hosts.
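One way to script these steps for further hosts, as an added example that is not part of the original post: a POSIX shell function, meant to run on the target account, that installs the key idempotently and can prefix authorized_keys options, which matters because the key has no passphrase. The function name, its arguments and the option list are assumptions; 10.2.2.2 is the client address shown in the "Last login" lines above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Usage: install_key HOME_DIR PUBKEY_FILE [OPTIONS]
#   e.g. install_key "$HOME" id_rsa.pub \
#        'from="10.2.2.2",no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
# Returns 0 if the key is installed or already present, 2 if the key file is
# rejected, 1 on a filesystem error.
install_key() {
    home_dir=$1; pubkey_file=$2; opts=${3:-}
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # A public key file holds exactly one line: "<type> <base64-blob> [comment]".
    # Several lines usually mean the private key was passed by mistake.
    if [ ! -r "$pubkey_file" ]; then return 2; fi
    if [ "$(grep -c '' "$pubkey_file")" -ne 1 ]; then return 2; fi
    read -r ktype kblob kcomment < "$pubkey_file" || true
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) return 2 ;;
    esac
    if [ -z "$kblob" ]; then return 2; fi

    # Modes sshd accepts: directory 700, key file 600 (no execute bit needed).
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Idempotent: a second run must not append a duplicate entry.
    if grep -qF -- "$kblob" "$auth_file"; then return 0; fi

    # Start on a fresh line if the existing file lacks a trailing newline,
    # otherwise the new key would be glued onto the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # OPTIONS (if any) go in front of the key, separated by one space.
    printf '%s%s %s%s\n' "${opts:+$opts }" "$ktype" "$kblob" \
        "${kcomment:+ $kcomment}" >> "$auth_file"
}
```

With a from= option in place, sshd accepts the key only from the listed client address, so a copied private key is not usable from elsewhere.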

In future posts I'll explain Nagios-to-Checkpoint checks that will use these non-interactive SSH connections.
