Configuring an SSH connection based on public key authentication can be very useful to script and automatize tasks. This way the SSH sessions can be non-interactive.
This is the particular example to configure a Nagios system to connect to a Checkpoint VSX, but can be used to connect to any system with SSHD daemon running.
So, in this case we want to connect from the 'debiannagios' host and 'nagios' user to the checkpoint 'VSX1' host and 'admin' user
A password based connection would be…
nagios@debiannagios:~$ ssh admin@vsx1
This system is for authorized use only.
admin@vsx1's password:
Last login: Tue Nov 10 17:20:28 2015 from 10.2.2.2
[Expert@vsx1:0]#But we dont to be prompted for the password.
So, to enable public key authentication, let's follow this steps:
Create the key pair (without passphrase):
nagios@debiannagios:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/run/nagios3/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/run/nagios3/.ssh/id_rsa.
Your public key has been saved in /var/run/nagios3/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX nagios@debiannagios
The key's randomart image is:
+--[ RSA 2048]----+
|..o ... |
|.. o . o |
...
...Let's see the recently created key files:
nagios@debiannagios:~$ ls /var/run/nagios3/.ssh/id_rsa* -l
-rw------- 1 nagios nagios 1675 2015-11-10 17:21 /var/run/nagios3/.ssh/id_rsa
-rw-r--r-- 1 nagios nagios 401 2015-11-10 17:21 /var/run/nagios3/.ssh/id_rsa.pubid_rsa is the private key
id_rsa.pub is the public key
Now, we must add the public key into the .ssh/.authorized_keys of the checkpoint system 'admin' user.
But, first of all, we'll try to create the .ssh directory and assign it the proper permissions (maybe it already exists. No problem anyway)
nagios@debiannagios:~$ ssh admin@vsx1 'mkdir -p .ssh'
This system is for authorized use only.
admin@vsx1's password:
nagios@debiannagios:~$ ssh admin@vsx1 'chmod 700 .ssh/'
This system is for authorized use only.
admin@vsx1's password:
nagios@debiannagios:~$Now we can add the public key to the authorized_keys file…
nagios@debiannagios:~$ …and assign it the permissions
nagios@debiannagios:~$ ssh admin@vsx1 'chmod 700 .ssh/authorized_keys'
This system is for authorized use only.
admin@vsx1's password:
nagios@debiannagios:~$Trying to stablish an ssh connects now we realize there is no password prompt!!
nagios@debiannagios:~$ ssh admin@vsx1
This system is for authorized use only.
Last login: Tue Nov 10 17:30:07 2015 from 10.2.2.2This steps, excluding the generation of the keys (command ssh-keygen) can be repeated to configure the public-key based authentication ssh connections with other hosts
In future posts I'll explain nagios to checkpoint checks that will use this ssh non-interactive connections
