Wednesday, October 7, 2015

SSH Key Authentication

Sometimes we want to authenticate ourselves over SSH without using passwords. Executing test scripts on a remote machine in an automated way, where we do not want to type a password every time the local host connects to the remote host over SSH, is just one such example.

But how should one do that?


In this article, I will explain the steps from scratch, using the example of executing automated test scripts on a remote machine over SSH.





Installing SSH

I have a remote machine on my local network with the IP address 192.168.1.133. I want to execute some local scripts on that machine and analyze the results. Both systems run Linux, so I preferred using SSH.

First, I need to install ssh on both machines.


# sudo apt-get install ssh


Now I can log in to the remote machine from the local host.


# ssh user@192.168.1.133
Password:
#


I am able to log in, so the first step is done.



Copying test scripts to the remote machine


Now I open another terminal and copy the local script to the remote machine.


# scp -p sample.sh user@192.168.1.133:/home/user/testsuite
Password:


Once I give the correct password, the script is copied to the remote host.



Executing the test scripts on the remote machine


Now I try to execute the script on the remote host.


# ssh user@192.168.1.133 /home/user/testsuite/sample.sh hello world
Password :
hello world


Here, the sample script looks something like this:


sample.sh

#!/bin/bash
echo -e "$1 $2"


So, if I execute the script with two command line arguments, it will print the arguments in a line.



Disadvantage of using passwords in SSH


I want to automate the whole procedure, i.e. I want to execute a script on my local machine that connects to the remote machine and executes the test scripts consecutively without any human interaction.


But in the current setup there is a problem: I would have to give the password every time the automated script on my local machine connects to the remote machine to execute a test script.



Using RSA Keys for authentication


If I use RSA keys for authentication in SSH, the problem is solved. I need to generate an RSA private-public key pair on my local machine and copy the public key to the remote machine over SSH. Then, every time my local machine connects to the remote machine over SSH, the RSA keys are used for authentication instead of passwords.

The local host first establishes an SSH connection with the remote host, and the two decide on the symmetric key with which the communication will be encrypted. Then the local host sends the RSA key id. The remote host checks the key id against the stored RSA public key and, if it matches, proceeds with the authentication procedure.



First, I need to generate the RSA keys and copy the identification to the remote host, so that it can use that information while authenticating.


The steps are simple:

First, I generate an RSA private-public key pair on my local host:


# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
******************* ad user@host
The key's randomart image is:
+--[ RSA 2048]----+
...
+-----------------+
#



Next, I copy the identification to the remote host:


# ssh-copy-id user@192.168.1.133
user@192.168.1.133's password:
Now try logging into the machine, with "ssh 'user@192.168.1.133'", and check in:
~/.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.


#

And, it is almost done.
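
The ssh-copy-id output above asks you to check ~/.ssh/authorized_keys for keys you were not expecting. The following is an added example, not part of the original post, of one way to do that check: it lists every entry with its SHA256 fingerprint and options, and flags any fingerprint you did not install. The function names and the sample file (ssh-rsa-shaped blobs, not usable keys) are constructed for the illustration.

```python
import base64
import hashlib
import re

# A field is a run of non-space characters; double-quoted option values may hold spaces.
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def fingerprint(blob):
    """SHA256 fingerprint of a decoded key blob, in the form `ssh-keygen -l` prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit(text, expected):
    """Return one record per key line; `expected` is the set of fingerprints you installed."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = FIELD.findall(line)
        if not fields or fields[0].startswith("#"):
            continue
        # An options field, when present, precedes the key type.
        options = "" if fields[0].startswith(("ssh-", "ecdsa-", "sk-")) else fields.pop(0)
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: missing key type or key data")
        key_type, blob = fields[0], base64.b64decode(fields[1])
        # The blob begins with its own length-prefixed type name; both must agree.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] != key_type.encode():
            raise ValueError(f"line {lineno}: key type does not match key data")
        fp = fingerprint(blob)
        records.append({"line": lineno, "type": key_type, "fingerprint": fp,
                        "comment": " ".join(fields[2:]), "options": options,
                        "unexpected": fp not in expected})
    return records

def sample_blob(modulus):
    """Constructed ssh-rsa-shaped blob for the demo; not a usable key."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + modulus]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

BLOB_A, BLOB_B = sample_blob(b"\xc3" * 256), sample_blob(b"\xa5" * 256)
SAMPLE = "\n".join([
    "# constructed sample: the key installed with ssh-copy-id plus one nobody expected",
    "ssh-rsa " + base64.b64encode(BLOB_A).decode() + " user@host",
    'command="/home/user/testsuite/sample.sh hello world",no-pty ssh-rsa '
    + base64.b64encode(BLOB_B).decode() + " added later",
])

if __name__ == "__main__":
    for r in audit(SAMPLE, expected={fingerprint(BLOB_A)}):
        flag = "UNEXPECTED" if r["unexpected"] else "expected"
        print(r["line"], r["fingerprint"], r["comment"], flag)
```

On a real host, pass in the contents of ~/.ssh/authorized_keys and, as `expected`, the SHA256 fingerprint that `ssh-keygen -lf ~/.ssh/id_rsa.pub` prints on the local machine.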



Executing the test scripts


Now I can execute the test script on the remote host without giving a password every time my machine connects to the remote host:


# ssh user@192.168.1.133 /home/user/testsuite/sample.sh hello world
hello world


So, now you can follow the simple steps above to authenticate to a remote host over SSH without using a password. 
