SSH user equivalence


Setting up user equivalence between two servers.
OK, I didn’t exactly learn this today but I don’t do this often enough to remember it.
It was just time to make my notes a bit more permanent.

Two important do’s -

  1. Do disable remote access to the root account.
  2. Do not do this for the root user.

Create required directory and set permissions

$ cd ~
$ mkdir .ssh
$ chmod 700 .ssh
$ cd .ssh

Create private and public keys

Note that I don’t use a passphrase. Repeat these two steps on all nodes,
or just on the first node if you are only setting up one-way equivalence.

$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
...

$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:

Remaining steps on first node only.

Append the public keys to authorized_keys file

$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Add keys for local server to known hosts

Not

IP=local-server-name
if [ -z "$(ssh-keygen -F "$IP")" ]; then
  ssh-keyscan -H "$IP" >> ~/.ssh/known_hosts
fi

Append public keys to remote server

For one-way equivalence, append public keys to remote authorized_keys file, e.g.

$ cat ~/.ssh/id_rsa.pub | ssh user@remote-server 'cat >> ~/.ssh/authorized_keys'
The authenticity of host 'remote-server (10.x.x.x)' can't be established.
RSA key fingerprint is d0:14:...
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.x.x.x' (RSA) to the list of known hosts.
user@remote-server's password:

Repeat for id_dsa.pub.

Append public keys from other node(s)

$ ssh user@remote-server 'cat ~/.ssh/id_rsa.pub' >> ~/.ssh/authorized_keys
The authenticity of host 'remote-server (10.x.x.x)' can't be established.
RSA key fingerprint is d0:14:...
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.x.x.x' (RSA) to the list of known hosts.
user@remote-server's password:

$ ssh user@remote-server 'cat ~/.ssh/id_dsa.pub' >> ~/.ssh/authorized_keys
user@remote-server's password:

Set permissions of authorized_keys

$ chmod 600 ~/.ssh/authorized_keys

Copy public keys file to other node(s)

$ scp ~/.ssh/authorized_keys user@remote-server:/home/remote-user/.ssh
user@remote-server's password:

Should all be working

$ ssh remote-server date
Wed Feb 16 07:58:32 EST 2016
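The steps above are fine typed by hand once, but they are not safe to repeat: every re-run appends the same key to authorized_keys again, and a mistyped chmod silently leaves sshd refusing the key (StrictModes). The script below is an added example, not part of the original note, that wraps the same procedure in idempotent helpers: directory and file modes, appending a public key only if it is not already present, checking the modes, and the corrected known_hosts one-liner. It assumes OpenSSH's ssh-keygen and ssh-keyscan are installed for ensure_known_host; the other functions need only POSIX tools. The public key in the demo is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not from the original note: idempotent helpers for the
# user-equivalence steps. Only ensure_known_host needs OpenSSH tools.

# Create the .ssh directory and an authorized_keys file with the modes that
# sshd's StrictModes check requires (dir 0700, file 0600). Safe to re-run.
ensure_ssh_dir() {
    dir="${1:-$HOME/.ssh}"
    mkdir -p "$dir"
    chmod 700 "$dir"
    [ -f "$dir/authorized_keys" ] || : > "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
}

# Print "keytype blob" for a .pub file. The trailing comment is ignored
# because the same key may carry a different comment on each node.
key_id() {
    awk 'NF >= 2 { print $1 " " $2; exit }' "$1"
}

# Exit 0 if the key in $1 already appears in the authorized_keys file $2.
has_key() {
    [ -f "$2" ] && grep -qF -- "$(key_id "$1")" "$2"
}

# Append the key in $1 to $2 only when absent; prints "added" or "present".
append_key_once() {
    if has_key "$1" "$2"; then
        echo present
    else
        cat "$1" >> "$2"
        echo added
    fi
}

# How many times the key in $1 occurs in $2 (0 or 1 after append_key_once).
key_count() {
    [ -f "$2" ] || { echo 0; return; }
    grep -cF -- "$(key_id "$1")" "$2"
}

# Exit 0 only if the directory is exactly 0700 and authorized_keys is 0600,
# which is what sshd checks before it will trust the file.
check_perms() {
    dir="$1"
    [ -n "$(find "$dir" -maxdepth 0 -perm 700)" ] &&
    [ -n "$(find "$dir/authorized_keys" -maxdepth 0 -perm 600)" ]
}

# Pin a host key once, hashed (-H), if ssh-keygen cannot already find it.
# This is the corrected form of the known_hosts one-liner in the note.
ensure_known_host() {
    host="$1"
    kh="${2:-$HOME/.ssh/known_hosts}"
    if ! ssh-keygen -F "$host" -f "$kh" >/dev/null 2>&1; then
        ssh-keyscan -H "$host" >> "$kh" 2>/dev/null
    fi
}

# Demo in a scratch directory with a constructed (not real) public key.
demo() {
    tmp=$(mktemp -d)
    ensure_ssh_dir "$tmp/.ssh"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAACONSTRUCTEDBLOBNOTREAL user@node1" > "$tmp/id_rsa.pub"
    append_key_once "$tmp/id_rsa.pub" "$tmp/.ssh/authorized_keys"   # added
    append_key_once "$tmp/id_rsa.pub" "$tmp/.ssh/authorized_keys"   # present
    key_count "$tmp/id_rsa.pub" "$tmp/.ssh/authorized_keys"         # 1
    check_perms "$tmp/.ssh" && echo "permissions ok"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh equiv.sh demo` to see the idempotency check in a throwaway directory, or source it and call `append_key_once` with the .pub file fetched from the other node, then `check_perms ~/.ssh` before testing the login with `ssh remote-server date`. Matching on the key type and blob rather than the whole line is deliberate: the comment field is the one part of a .pub file that routinely differs between copies of the same key.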