Installing and Configuring ssh

I install the openssh server and sort out the ssh configuration so I can log in to other machines locally without a password. This is a security risk! I also want to use X Windows programs that are installed on one machine while actually working at another, hence the ForwardX11 bit. That is also considered a security risk by some.

To allow a user to log in via ssh to another machine without a password, you need to update the authorised keys file on the destination machine. You need to copy the public key held in ~/.ssh/id_rsa.pub, for the user on the starting machine, over to the destination machine. It is the same as allowing my front door to accept the front door key of my friend.

Install openssh with your package manager (apt-get is used below); you may as well make sure the client software is installed at the same time.

sudo apt-get install openssh-client openssh-server

Make sure the ssh daemon has started up.

sudo service sshd restart

Now that it is up and running, let's get the user's public and private keys generated. When you run the first command below it will ask you for a file name; just press return unless you have good reason to rename it. I guess if you do you will not be reading this in the first place 😉

You will then be asked for a pass phrase; unless you are running ssh-agent, just press return. I add the line to the config file to enable forwarding and finally copy my public key to the authorised keys file, creating that file in the process.

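ssh-keygen -t rsa                          # generate the key pair; press return for the default file name
cd ~/.ssh
echo ForwardX11=yes >> ~/.ssh/config       # append, so an existing config is not overwritten
cat id_rsa.pub >> authorized_keys          # append, so keys already authorised are kept
chmod 600 ~/.ssh/config ~/.ssh/authorized_keys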

You can either copy the public key to the other machines by hand, logging in to each machine and copying and pasting the key, or you can use the command below for each machine, which you could script with a “for i in machine1 machine2 …” loop.

As the user whose keys you want to transfer, simply run the command below.

ssh-copy-id -i username@machine

If the user name is the same on both machines you can omit the username@ part.

Now test that you can actually ssh to/from your machines without a password. There is no need to reboot or log out. If you cannot, you did it wrong.
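If the test fails, file permissions are worth checking: sshd's StrictModes ignores authorized_keys when it or ~/.ssh is writable by group or others, and the ssh client refuses a private key that anyone else can access. The check below is an added example, not part of the original post; the function names are hypothetical and it assumes the default file names used above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the permissions that
# key-based login depends on. Function names are hypothetical.

# mode_of FILE -> octal permission bits (GNU stat, falling back to BSD stat)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# too_open FILE MASK -> true if FILE has any permission bit in octal MASK set
too_open() {
    [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]
}

# audit_ssh_dir [DIR] -> prints one line per finding,
# exit status is the number of findings (0 means clean)
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    # sshd (StrictModes) and the ssh client reject these files when
    # group or others can write to them
    for f in "$dir" "$dir/authorized_keys" "$dir/config"; do
        [ -e "$f" ] || continue
        if too_open "$f" 022; then
            echo "WRITABLE BY OTHERS: $f (mode $(mode_of "$f"))"
            findings=$((findings + 1))
        fi
    done
    # a private key must not be accessible to group or others at all;
    # private keys are located by their matching .pub file
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if too_open "$key" 077; then
            echo "PRIVATE KEY EXPOSED: $key (mode $(mode_of "$key"))"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Source the file and run audit_ssh_dir with no argument on both the starting and the destination machine; each finding is fixed with chmod 700 on the directory or chmod 600 on the file.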

If you entered a pass phrase when you created the private/public keys, you will have to enter it every time you want to access the keys. You can add the pass phrase to ssh-agent by running ssh-add as the user, not root. This will prompt you for the pass phrase once and will then allow access to the keys without further prompting.

To enable this so that you are asked when you log in, add it to the list of start-up services for your user.

That is it, you are all done!

This is a security risk; only do this if you accept that and are willing to take the chance. Remember, it was your choice to do this, not mine!
