Unlock Server Potential: Passwordless SSH and What You Can Do After

Secure Shell (SSH) is a cornerstone of server management, providing a secure channel to control your remote machines. Imagine the efficiency of accessing your server without the constant interruption of password prompts. This is the power of passwordless SSH login, achieved through SSH keys. Let’s clarify the process of setting this up and explore what becomes possible once you can seamlessly SSH into your server.

Confusion often arises when generating and distributing SSH keys. Running ssh-keygen leaves you with two key files, and it’s not immediately obvious which machine needs which one. For secure, passwordless access from your server (SRV) to your NAS, generate the key pair on SRV: the private key stays on SRV, and only the public key is copied to NAS.

Here’s a step-by-step guide to set up passwordless SSH from your SRV (Ubuntu 14.04) to your NAS, even if your NAS is a less common Linux distribution and lacks ssh-copy-id.

  1. Generate SSH Key Pair on SRV:

    Log in to your SRV machine via SSH. Open your terminal and execute the following command:

    ssh-keygen

    This command generates a pair of keys: id_rsa (private key) and id_rsa.pub (public key) in the ~/.ssh/ directory of your user on SRV. The private key must be kept secret and secure on SRV. The public key is what you will share with your NAS. When prompted to “Enter passphrase (empty for no passphrase)”, you can press Enter twice to set up passwordless login without a passphrase. An empty passphrase leaves the private key unencrypted on disk, so anyone who can read ~/.ssh/id_rsa on SRV can log in to NAS as that user.

  2. Copy the Public Key to NAS:

    The next step is to get the id_rsa.pub file from SRV to your NAS and append its content to the authorized_keys file in the ~/.ssh/ directory on your NAS. Since ssh-copy-id is not available on NAS, you’ll need to do this manually.

    You can use scp (secure copy) to transfer the public key. From your SRV terminal, run:

    scp ~/.ssh/id_rsa.pub user@NAS_IP_address:/tmp/

    Replace user with your username on NAS and NAS_IP_address with the actual IP address or hostname of your NAS. This command securely copies the id_rsa.pub file to the /tmp/ directory on your NAS.

  3. Append Public Key to Authorized Keys on NAS:

    Now, SSH into your NAS using your password:

    ssh user@NAS_IP_address

    Once logged into NAS, you need to create the .ssh directory and the authorized_keys file if they don’t exist, and then append the content of the transferred id_rsa.pub file. Run these commands on your NAS:

    mkdir -p ~/.ssh
    cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
    rm /tmp/id_rsa.pub
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys

    These commands do the following:

    • mkdir -p ~/.ssh: Creates the .ssh directory if it doesn’t exist.
    • cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys: Appends the content of id_rsa.pub to authorized_keys.
    • rm /tmp/id_rsa.pub: Deletes the temporary public key file.
    • chmod 700 ~/.ssh: Gives only the owner access to the .ssh directory. sshd checks these modes by default and ignores the key file if other users can write to it.
    • chmod 600 ~/.ssh/authorized_keys: Lets only the owner read and write the authorized_keys file, for the same reason.

  4. Test Passwordless SSH:

    Now, from your SRV terminal, try to SSH into your NAS:

    ssh user@NAS_IP_address

    You should now be logged into your NAS without being prompted for a password.

Troubleshooting:

If you are still prompted for a password, double-check the following:

  • Permissions: Ensure the .ssh directory on NAS has permissions 700 and the authorized_keys file has 600.
  • File Content: Verify that the content of ~/.ssh/authorized_keys on NAS contains the entire content of id_rsa.pub from SRV.
  • Usernames: Make sure you are using the correct username for both SRV and NAS in your SSH commands.
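
The step 3 commands and the permission and file-content checks above can be combined into one script to run on NAS. This is an added example, not part of the original guide: the function names install_pubkey and check_key_setup are hypothetical, and it assumes a stat that accepts -c '%a'.

```shell
#!/bin/sh
# Added example, not from the original article. Run on NAS after the scp step.
# Assumption: stat supports -c '%a' (GNU coreutils and BusyBox do).

# install_pubkey KEY_FILE [HOME_DIR]: idempotent version of step 3.
install_pubkey() {
    key_file=$1; home_dir=${2:-$HOME}; auth=$home_dir/.ssh/authorized_keys
    # Only a one-line public key belongs here; refuse id_rsa (the private key).
    if [ ! -r "$key_file" ] || grep -q 'PRIVATE KEY' "$key_file" ||
       [ "$(wc -l < "$key_file")" -gt 1 ]; then
        echo "refusing $key_file: not a single-line public key" >&2
        return 2
    fi
    key=$(cat "$key_file")              # $(...) strips the trailing newline
    ( umask 077; mkdir -p "$home_dir/.ssh"; touch "$auth" )
    # If the last existing entry has no newline, add one so the keys do not merge.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # Append only when this exact line is not already present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 700 "$home_dir/.ssh"
    chmod 600 "$auth"
}

# check_key_setup KEY_FILE [HOME_DIR]: the troubleshooting checks.
# Prints each problem found and returns 1 if there was any.
check_key_setup() {
    key_file=$1; home_dir=${2:-$HOME}; auth=$home_dir/.ssh/authorized_keys; rc=0
    [ "$(stat -c '%a' "$home_dir/.ssh" 2>/dev/null)" = 700 ] ||
        { echo ".ssh is not mode 700"; rc=1; }
    [ "$(stat -c '%a' "$auth" 2>/dev/null)" = 600 ] ||
        { echo "authorized_keys is not mode 600"; rc=1; }
    grep -qxF -e "$(cat "$key_file")" "$auth" 2>/dev/null ||
        { echo "key from $key_file is missing or truncated in authorized_keys"; rc=1; }
    return $rc
}
```

On NAS, source the file, then run install_pubkey /tmp/id_rsa.pub followed by check_key_setup /tmp/id_rsa.pub before deleting the temporary copy.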

What Can You Do After Passwordless SSH?

Once passwordless SSH is set up, your server management workflow becomes significantly smoother and more efficient. You can automate numerous tasks, including:

  • Automated Backups: Securely back up data from your server to your NAS or vice versa without manual password entry.
  • Scripted Deployments: Deploy applications and updates to your server via scripts that rely on SSH for remote execution, streamlining your development pipeline.
  • File Synchronization: Use tools like rsync or scp in scripts to automatically synchronize files between your servers.
  • Remote Command Execution: Execute commands on your NAS from your SRV, or vice versa, for system administration and monitoring tasks, all without password prompts.

Passwordless SSH is not just about convenience; it’s about unlocking the true potential of your servers by enabling secure automation and efficient remote management. By correctly setting up SSH keys, you pave the way for a more streamlined and powerful server experience.
