Day 7 of 100 Days of DevOps
Linux SSH Authentication
The requirement is as follows:
The system admins team of xFusionCorp Industries has set up some scripts on jump host that run on regular intervals and perform operations on all app servers in Stratos Datacenter. To make these scripts work properly we need to make sure the thor user on jump host has password-less SSH access to all app servers through their respective sudo users (i.e. tony for app server 1). Based on the requirements, perform the following:
Set up a password-less authentication from user thor on jump host to all app servers through their respective sudo users.
SSH keys are handy when you need to set up password-less authentication.
Generate SSH Keys
ssh-keygen -t rsa -b 4096
thor@jumphost ~$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/thor/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/thor/.ssh/id_rsa
Your public key has been saved in /home/thor/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:FkpDj+/lCbsQ2NFdOkJwso6G9DlutLYLpqlqMetCJQk thor@jumphost.stratos.xfusioncorp.com
The key's randomart image is:
+---[RSA 4096]----+
| +.o . |
|E . O . o |
|. o * = + |
| + + B = o . |
| + O = S . |
| + + o + = . |
|. * = . o o |
|.* + . . . |
|@. o. . |
+----[SHA256]-----+
Copying SSH Keys to Host
There are many ways to copy the key to a host, such as scp and sftp. I prefer ssh-copy-id because it is declarative. The other commands are general-purpose tools for transferring files between machines, so using them means an imperative process of copying the key and then changing permissions yourself.
thor@jumphost ~$ ssh-copy-id --help
/usr/bin/ssh-copy-id: illegal option -- -
Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n|-s] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname
-f: force mode -- copy keys without trying to check if they are already installed
-n: dry run -- no keys are actually copied
-s: use sftp -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp
-h|-?: print this help
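The manual copy-and-fix-permissions steps that ssh-copy-id replaces, as an added example that is not part of the original post. install_pubkey is a hypothetical helper name, and the key used in the demo is a constructed placeholder written to a scratch directory.

```shell
#!/bin/sh
# Added example: what ssh-copy-id automates on the receiving account.
# install_pubkey is a hypothetical helper; the body runs in a subshell "( )"
# so the umask change and variables do not leak into the caller.
install_pubkey() (
    home_dir=$1      # home directory of the target account (e.g. tony's)
    pubkey_file=$2   # public key file, e.g. /home/thor/.ssh/id_rsa.pub
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; exit 1; }
    key_line=$(head -n 1 "$pubkey_file")

    # Guard against installing the private key (id_rsa) by mistake:
    # only accept a line that starts with a public key type.
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; exit 1 ;;
    esac

    # sshd's default StrictModes rejects keys kept in group/world-writable
    # locations, so create everything owner-only.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Append only when the exact line is absent, so reruns add no duplicates.
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
)

# Demo against a scratch directory with a constructed (non-functional) key.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE thor@jumphost\n' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/home" "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/home" "$demo_dir/id_rsa.pub"   # second run is a no-op
ls -ld "$demo_dir/home/.ssh" "$demo_dir/home/.ssh/authorized_keys"
wc -l < "$demo_dir/home/.ssh/authorized_keys"
rm -rf "$demo_dir"
```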
Commands to run inside jump host
ssh-copy-id tony@strapp01
ssh-copy-id steve@strapp02
ssh-copy-id banner@strapp03
That's all for today. Thanks, bye!