linux:debian:ssh-key-transfer
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| linux:debian:ssh-key-transfer [2023/09/07 16:24] – [Setup ssh-key exchange] oscar | linux:debian:ssh-key-transfer [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Setup ssh-key exchange ====== | ||
| - | It is possible to automatically login in a ssh session on a remote system, without entering a password. Also copying files with scp without password is possible. To make this possible a public ssh key needs to be exchanged between the source and the target system. | ||
| - | On the source system an ssh key pair is generated. The public key is transferred to the target system and will be used to validate the login attempt that is signed with the private key. | ||
| - | ===== Key Generation ===== | ||
| - | ==== On the Target System ==== | ||
| - | As root on the target machine, use ssh-keygen to generate a public/ | ||
| - | < | ||
| - | # cd /root/.ssh | ||
| - | # ssh-keygen -t rsa -b 2048 | ||
| - | --------------------------------------------------- | ||
| - | # Generating public/ | ||
| - | Enter file in which to save the key (/ | ||
| - | Enter passphrase (empty for no passphrase): | ||
| - | Enter same passphrase again: | ||
| - | Your identification has been saved in / | ||
| - | Your public key has been saved in / | ||
| - | </ | ||
| - | As a password, you would type nothing (just enter). This will save the public key in / | ||
| - | |||
| - | ==== On the Client System ==== | ||
| - | This might not be necessary if the client key has already be created for other targets, so you can reuse it. Repeat the above steps for the user ' | ||
| - | < | ||
| - | $ cd / | ||
| - | $ ssh-keygen -t rsa -b 2048 | ||
| - | --------------------------------------------------- | ||
| - | # Generating public/ | ||
| - | Enter file in which to save the key (/ | ||
| - | Enter passphrase (empty for no passphrase): | ||
| - | Enter same passphrase again: | ||
| - | Your identification has been saved in / | ||
| - | Your public key has been saved in / | ||
| - | </ | ||
| - | After this the file ~/ | ||
| - | Make a copy of the public key to make it recognizable. | ||
| - | |||
| - | ===== Key Exchange ===== | ||
| - | To allow the client to ssh to the target system as root, you need to place the client' | ||
| - | * Manual | ||
| - | * With ' | ||
| - | ==== Key transfer - Manual ==== | ||
| - | Append client' | ||
| - | === On the Target System === | ||
| - | Get the public key from the client system and add it to the ' | ||
| - | # cd /root/.ssh | ||
| - | # scp oscar@192.168.xx.xx:/ | ||
| - | # touch ~/ | ||
| - | # cat client_id_rsa.pub >> ~/ | ||
| - | # rm client_id_rsa.pub | ||
| - | |||
| - | === On the Client System === | ||
| - | You need to place the target' | ||
| - | < | ||
| - | $ scp root@192.168.xx.xx:/ | ||
| - | $ touch ~/ | ||
| - | $ cat ~/ | ||
| - | $ rm target-key.pub | ||
| - | </ | ||
| - | Or symply try to ssh from client to target as root. The key will be placed automatically in known_hosts file. | ||
| - | |||
| - | ==== Key transfer - with ssh-copy-id ==== | ||
| - | Copy your keys to the target system: | ||
| - | < | ||
| - | $ ssh-copy-id -i id_rsa.pub root@targetsystem | ||
| - | |||
| - | remoteusername@targetsystem' | ||
| - | </ | ||
| - | Now try logging into the machine, with ssh ' | ||
| - | |||
| - | / | ||
| - | or | ||
| - | / | ||
| - | or on openwrt: | ||
| - | / | ||
| - | | ||
| - | ===== Test ===== | ||
| - | This should now work from the server to the client: | ||
| - | $ ssh root@192.168.xx.xx | ||
| - | If everything went ok, you should be logged in directly without a password prompt. | ||
linux/debian/ssh-key-transfer.1694103875.txt.gz · Last modified: by oscar