SSH authentication by key (certificate) in CentOS

There is a virtual infrastructure based on Proxmox, where one virtual server acts as the main server (dev, nginx-proxy) and has an external IP. Alongside it there are a number of additional virtual servers.

The task: configure the ability to log in from the dev server to the other servers over their internal IP addresses without entering a password.

Connect to the dev server and create a public and private key pair:

[[email protected]]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rHLydfgdfgdfgcvbcvbcvbG3GM9tosDSERPfsEW8 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|^/o. .           |
|*[email protected]=o o          |
|.*+*o+ E         |
|+.+ o o.         |
|+o.  .  S        |
|+.     .         |
|..  o.o.         |
|  . .=. .        |
|  .o  ..         |
+----[SHA256]-----+

As a result of the command, 2 files were generated in the ~/.ssh/ directory:

  • id_rsa.pub – the public key
  • id_rsa – the private (secret) key

Copy the public key to the server that we will connect to without entering a password:

[[email protected]]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Check the result:

[[email protected]]# ssh [email protected]
Last login: Wed Oct  2 09:48:44 2019 from 192.168.12.2
[[email protected] ~]# ll .ssh
total 9
-rw------- 1 root root 396 Oct  2 09:48 authorized_keys
-rw-r--r-- 1 root root 193 Sep 19 10:47 known_hosts

The authorized_keys file has appeared on the server to which we copied the public key. Its content is the content of the public key.

In the same way, the ssh-copy-id command can be used to transfer the public key to all the servers we will subsequently connect to.
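The ssh-copy-id output above asks you to check that only the key you wanted was added. The script below is an added example, not part of the original article: run on a target server, it compares the entries in authorized_keys with the expected public key and flags a file mode that grants group or other access. It assumes GNU stat (as on CentOS); the function names, key blobs and comment fields are constructed for the demo.

```shell
# Added example (not from the article): audit authorized_keys on a target server.
# Assumes GNU stat, as shipped with CentOS. All key blobs below are constructed.
# Print "<line-number> <base64-blob>" for each key entry in file $1.
# Options may precede the key type, so locate the type field first. Limitation:
# a quoted option that contains spaces and a key-type name can mislead the scan.
key_entries() {
    awk 'NF && $1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                print NR, $(i + 1); break
            }
    }' "$1"
}

# audit_authorized_keys AUTH_FILE EXPECTED_PUB
# Status: 0 = only the expected key and a private mode, 1 = finding, 2 = error.
audit_authorized_keys() (
    auth_file=$1; expected_pub=$2; rc=0; found=0
    mode=$(stat -c %a "$auth_file") || exit 2
    case $mode in
        ?00) ;;  # no group/other access, e.g. the 600 seen in the listing above
        *) echo "WARN: $auth_file mode is $mode, expected 600"; rc=1 ;;
    esac
    want=$(key_entries "$expected_pub" | awk 'NR == 1 { print $2 }')
    [ -n "$want" ] || { echo "ERROR: no key in $expected_pub"; exit 2; }
    entries=$(key_entries "$auth_file")
    while read -r lineno blob; do
        [ -n "$blob" ] || continue
        if [ "$blob" = "$want" ]; then
            found=1
        else
            echo "WARN: unexpected key on line $lineno of $auth_file"; rc=1
        fi
    done <<EOF
$entries
EOF
    [ "$found" -eq 1 ] || { echo "WARN: expected key is missing"; rc=1; }
    exit "$rc"
)

# Demo on constructed data (placeholder blobs, not real keys).
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3ConstructedDevKey constructed@example" > "$demo/id_rsa.pub"
{ cat "$demo/id_rsa.pub"
  echo 'from="192.168.12.2" ssh-ed25519 AAAAC3ConstructedOldKey constructed@old'
} > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
audit_authorized_keys "$demo/authorized_keys" "$demo/id_rsa.pub" || echo "status: $?"
rm -rf "$demo"
```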
