To login to a remote system you would ssh to the remote system with “ssh <hostname>” or if you want to run a command on the remote system you would run “ssh <hostname> <command>”. Both of these commands will ask you for the password on the remote system and there are certain situations whereby you do not want this, you want to be trusted by the remote system and not be asked for a password. Follow this procedure to be trusted by the remote system.
- On the local system, run “ssh-keygen” and accept all defaults and do not put in a password to generate the public and private keys for the local server.
[root@server1 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: c5:35:f8:36:15:07:0b:f1:02:bc:78:ee:47:f6:7a:7e email@example.com The key's randomart image is: +--[ RSA 2048]----+ | ...=.oo.| | .oo +.o | | .oo..o | | ..o +. | | So . . | | . o | | . o . | | . . o E| | ..+.. | +-----------------+
- Now we need to copy the public key to the remote system
[root@server1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub server2 The authenticity of host 'server2 (10.1.2.3)' can't be established. RSA key fingerprint is 53:26:f3:01:67:91:f7:88:d3:99:f8:36:ed:df:85:45. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'server2,10.1.2.3' (RSA) to the list of known hosts. *** WARNING *** You have accessed a computer operated by my company. To use this computer you require written authorisation from my company and are strictly limited in your system usage, as documented in the authorisation. Unauthorised access or misuse of this system is forbidden and will constitute an offence under the Computer Misuse Act 1990. If you are not sure you are authorised to use this computer, log out immediately. root@server2's password: Now try logging into the machine, with "ssh 'server2'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
You should now be able to run “ssh <hostname>” or “ssh <hostname> <command>
TIP: If you want to get rid of the login banner when you run a command remotely, use “ssh -q <hostname> <command>”