Hello Everybody,
Suppose that I have two systems, Linux1 and Linux2, with user test1 on Linux1 and user test2 on Linux2.
Now I want user test1 on Linux1 to access server Linux2 as user test2 without a password.
The general idea is that I will generate a public and private key pair for user test1, then transfer the public key to the other system, Linux2.
To generate the public and private keys for user test1, I will use the command “ssh-keygen -t rsa”; see the following steps:
[test1@Linux1 ~]$ id
uid=501(test1) gid=501(test1) groups=501(test1) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[test1@Linux1 ~]$ pwd
/home/test1
[test1@Linux1 ~]$ ls -la
total 28
drwx------. 4 test1 test1 4096 Oct 8 15:57 .
drwxr-xr-x. 4 root root 4096 Oct 8 15:57 ..
-rw-r--r--. 1 test1 test1 18 May 30 2011 .bash_logout
-rw-r--r--. 1 test1 test1 176 May 30 2011 .bash_profile
-rw-r--r--. 1 test1 test1 124 May 30 2011 .bashrc
drwxr-xr-x. 2 test1 test1 4096 Nov 12 2010 .gnome2
drwxr-xr-x. 4 test1 test1 4096 Aug 29 16:11 .mozilla
[test1@Linux1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test1/.ssh/id_rsa):
Created directory '/home/test1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test1/.ssh/id_rsa.
Your public key has been saved in /home/test1/.ssh/id_rsa.pub.
The key fingerprint is:
e8:75:02:99:c7:a0:91:d4:cc:83:62:bb:bb:21:1e:d2 test1@Linux1
The key's randomart image is:
+--[ RSA 2048]----+
| .o*. |
| o oo== |
| . o. +.o |
| . + |
| . . S . |
| .. . . o |
|o.E. . |
|o.o. |
| ... |
+-----------------+
[test1@Linux1 ~]$ ls -la
total 32
drwx------. 5 test1 test1 4096 Oct 8 16:04 .
drwxr-xr-x. 4 root root 4096 Oct 8 15:57 ..
-rw-r--r--. 1 test1 test1 18 May 30 2011 .bash_logout
-rw-r--r--. 1 test1 test1 176 May 30 2011 .bash_profile
-rw-r--r--. 1 test1 test1 124 May 30 2011 .bashrc
drwxr-xr-x. 2 test1 test1 4096 Nov 12 2010 .gnome2
drwxr-xr-x. 4 test1 test1 4096 Aug 29 16:11 .mozilla
drwx------. 2 test1 test1 4096 Oct 8 16:04 .ssh
[test1@Linux1 ~]$ cd .ssh
[test1@Linux1 .ssh]$ ls -ltr
total 8
-rw-r--r--. 1 test1 test1 394 Oct 8 16:04 id_rsa.pub
-rw-------. 1 test1 test1 1675 Oct 8 16:04 id_rsa
[test1@Linux1 .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnmIYq8OrPHfs02cidwJlGS+dezhFCMeyXb4KxsHRwBUiCle7VCkMDD8g2wK6jFiIT8C7GOkDVdLgDCsXjSwBqx9n1UfhQkzN1Tjqs0Cm/EQ8+/PIgxNNe06//zWoccKeiEmgAhZFi4VYn+AXepUcIi7SFnPcndV3qH+rbpbWF7DY0ByuuQsSOrq9xAbDzSyu7sYSrhiFuL3oSKHLAx+8TYqykflNi1A+SW+fsqanHkdHVStK1C09MJujaTmWL9NIiohf6ZvuqFlXD+Lpy5lq/k23HwJUF8OMRkxFZz2Q0Y7VsMZPt9iNYkshoSF1dOU6b1OtodaG/pvBdU3VcismLQ== test1@Linux1
Then I will transfer the file “Linux1:/home/test1/.ssh/id_rsa.pub” to “Linux2:/home/test2/.ssh/authorized_keys”.
First, see the following commands, run as user test2:
[test2@Linux2 ~]$ id
uid=501(test2) gid=501(test2) groups=501(test2) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[test2@Linux2 ~]$ pwd
/home/test2
[test2@Linux2 ~]$ ls -la
total 28
drwx------. 4 test2 test2 4096 Oct 8 15:57 .
drwxr-xr-x. 4 root root 4096 Oct 8 15:57 ..
-rw-r--r--. 1 test2 test2 18 May 30 2011 .bash_logout
-rw-r--r--. 1 test2 test2 176 May 30 2011 .bash_profile
-rw-r--r--. 1 test2 test2 124 May 30 2011 .bashrc
drwxr-xr-x. 2 test2 test2 4096 Nov 12 2010 .gnome2
drwxr-xr-x. 4 test2 test2 4096 Aug 29 16:11 .mozilla
[test2@Linux2 ~]$ mkdir .ssh
[test2@Linux2 ~]$ cd .ssh
[test2@Linux2 .ssh]$ ls -la
total 8
drwxrwxr-x. 2 test2 test2 4096 Oct 8 16:07 .
drwx------. 5 test2 test2 4096 Oct 8 16:07 ..
Now transfer the public key from Linux1:/home/test1/.ssh/id_rsa.pub to Linux2:/home/test2/.ssh/authorized_keys:
[test1@Linux1 .ssh]$ sftp test2@Linux2
Connecting to Linux2...
The authenticity of host 'linux2 (10.10.10.12)' can't be established.
RSA key fingerprint is 16:4c:2c:e4:63:d2:0b:cc:bb:db:26:c4:3c:b4:c1:c2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'linux2,10.10.10.12' (RSA) to the list of known hosts.
test2@linux2's password:
sftp> cd .ssh
sftp> put id_rsa.pub authorized_keys
Uploading id_rsa.pub to /home/test2/.ssh/authorized_keys
id_rsa.pub 100% 394 0.4KB/s 00:00
sftp> bye
Be careful about permissions: for user test2 on Linux2, you must change the permissions to match the following:
– for the test2 home directory (755)
[test2@Linux2 ~]$ ls -ld /home/test2
drwxr-xr-x. 5 test2 test2 4096 Oct 8 16:07 /home/test2
– for the .ssh directory under the test2 user (700)
[test2@Linux2 ~]$ ls -ld /home/test2/.ssh
drwx------. 2 test2 test2 4096 Oct 9 08:42 /home/test2/.ssh
– for the authorized_keys file (644)
[test2@Linux2 .ssh]$ ls -l /home/test2/.ssh/authorized_keys
-rw-r--r--. 1 test2 test2 394 Oct 8 16:09 /home/test2/.ssh/authorized_keys
Now try to log in from Linux1 to Linux2 as follows:
[test1@Linux1 .ssh]$ hostname
Linux1
[test1@Linux1 .ssh]$ ssh test2@Linux2
Last login: Wed Oct 9 08:50:17 2013 from linux1
[test2@Linux2 ~]$ hostname
Linux2
[test2@Linux2 ~]$
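The transfer and permission steps above can be scripted on Linux2. This is an added example, not part of the original article: the function names are hypothetical, it assumes GNU stat, and unlike the sftp "put" shown above (which replaces authorized_keys) it appends the key so existing entries survive. The audit checks the condition sshd's StrictModes setting enforces: none of the three paths may be writable by group or others.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# perm_ok PATH: true only if PATH is not writable by group or others,
# the condition sshd's StrictModes applies to these paths.
perm_ok() {
    mode=$(stat -c '%a' "$1") || return 2      # GNU stat, octal mode e.g. 755
    [ $(( 0$mode & 022 )) -eq 0 ]              # 022 = group-write | other-write
}

# audit_login_paths HOME: check the three paths the article lists.
audit_login_paths() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        perm_ok "$p" || { echo "group/other-writable or missing: $p" >&2; rc=1; }
    done
    return $rc
}

# install_pubkey HOME PUBFILE: append the key instead of overwriting
# authorized_keys, and refuse input that is not a public key line
# (for example a private key file passed by mistake).
install_pubkey() {
    key=$(head -n 1 "$2") || return 2
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $2" >&2; return 1 ;;
    esac
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh"
    touch "$1/.ssh/authorized_keys" && chmod 644 "$1/.ssh/authorized_keys"
    # -x whole line, -F literal: skip the append if the key is already there
    grep -qxF "$key" "$1/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$1/.ssh/authorized_keys"
}

# Usage when run as a script: script.sh HOME PUBFILE
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && audit_login_paths "$1"
fi
```

Run it as test2 on Linux2 after copying id_rsa.pub over under its own name; a non-zero exit from the audit names the path that would make sshd ignore the key.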
Summary & Hints:
– In the previous steps, I made user test1 on the Linux1 server able to log in as user test2 on Linux2 without a password, but user test2 on Linux2 can't log in without a password as user test1 on Linux1.
– Only user test1 on Linux1 can log in as user test2 on Linux2.
– If you need any user to log in as any other user without a password (even on the same server, using switch user), just put the public key of the first user in the correct path for the second user; of course, the private key must be present for the first user.
I hope this article is useful for you.
Best Regards,
Saker