untuk login ssh tanpa password pada linux yang perlu dilakukan :
- generated key ssh client (defaultnya tercipta id_rsa. dan id_rsa.pub.)
- kopikan public key ssh (defaultnya id_rsa.pub) yang telah digenerated ke server target (folder root .ssh/authorized_keys )
ok kita mulai
- kita akan menggunakan command promt / terminal PC B untuk masuk ke SSH PC A secara remote(tanpa login SSH PCA)
- pc client yang sudah terinstal ssh (pc client untuk akses ssh tanpa password),kita sebut komputer B
- server utama yang sudah terinstal ssh(target ssh), kita sebut komputer A
pada komputer b kita generated sshnya dengan perintah
ssh-keygen -t rsa
apis@apis-desktop:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/apis/.ssh/id_rsa):
/home/apis/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/apis/.ssh/id_rsa.
Your public key has been saved in /home/apis/.ssh/id_rsa.pub.
The key fingerprint is:
d3:6b:59:a0:6d:73:bf:9f:e1:d0:bb:6e:c7:1e:33:c8 apis@apis-desktop
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| + . |
| S = o |
| o *..o |
| + E.B |
| . ooX|
| +O=|
+-----------------+
apis@apis-desktop:~$
default pembentukan ini menggunakan RSA dapat kita ketahui dari command promt /terminal seperti diatas
Akan terbentuk 2 key defaultnya tercipta id_rsa. dan id_rsa.pub. , id_rsa merupakan private key yang
harus disimpan di komputer kita dan tidak boleh diketahui oleh orang lain.Orang yang mempunyai private
key ini bisa login ke SSH Server yang di dalamnya sudah tersimpan public key pasangannya.
nah yang akan kita copykan adalah public keynya yaitu id_rsa.pub.
kemudian kita copy ke komputer a dengan perintah
ssh-copy-id 'root@ip_server_target -p nomorport'
root@apis:~# ssh-copy-id 'root@10.0.102.20 -p 22'
The authenticity of host '10.0.102.20 (10.0.102.20)' can't be established.
RSA key fingerprint is c4:85:41:44:e7:3e:fe:f1:37:4e:d4:7e:e3:4b:e7:64.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': y
Please type 'yes' or 'no': yes
Warning: Permanently added '10.0.102.20' (RSA) to the list of known hosts.
root@10.0.102.20's password:
Now try logging into the machine, with "ssh 'root@10.0.102.20 -p 22'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
root@apis:~#
selain itu kita dapat menggunakan scp untuk mengcopi
scp fileasal filesumber
scp /home/apis/.ssh/id_rsa.pub root@10.0.102.20:/home/ulp
masuk ke server taget dan kopikan manual agar tidak tereplace
sehingga public key yang sudah ada tidak hilang
cat /home/ulp/id_rsa.pub >> ~/ .ssh/authorized_keys
kita coba tes masuk ke komputer b buka terminal kemudian ketikan
ssh 'root@ip_server_target -p nomorport'
hasil tes
apis@apis-desktop:~$ ssh 'root@10.0.102.20 -p 22'
Linux apis 2.6.32-5-686 #1 SMP Sun May 6 04:01:19 UTC 2012 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue May 28 17:11:36 2013 from 10.0.106.167
root@apis:~#
<pre>
public key pada server dapat berisi lebih dari satu public key contohnya
root@apis:~# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyp8lbVVQFGDEBd4eZpJKbifZJNZ3IaNSA8/bdTeW6VqOSlsbJVa
/WvDgBvFC+C7EqbdzmT3uY5hWpEj1qCFbE66sHXhcAEln0OvjRlLH2dbA+6K/rvx2eAFQd7J6r0P9GS6d0DIVQi+
ZNwbwjuBy088z8H3s7Bo0gNkDE6U12m72E= vaio@vaio-pc
ssh-rsa AAAAzB3NzaC1yc2EAAAADAQABAAABAQC+UeJC1qfhXpzKgZ3HpJwaGYeWTBuG0Pk7zsu7WAa054KLjZi
/LQdUa4yiCFRyIaxuiMwzbKqt5sJsoLdLeGmmi2BtI1Prh6gQW1foJUcXj/BpphiNUUVItZBRTmvo7ILhMFZzg3e8x0
qYgQJFayeFzn9sEabGr47nbPUh8rm8AOKi9VIqGZTIIBrobQn6LVnp7c0qQBbmHL1iYqxPtOhVgFPx2nJzOWB0zJjtmhqs
oVshSWrZ9dfguvzhfcVTWPf0ZbjC1JCuHi+VINC5tsoH1BLNaRTO4nCtxFJclyHvvKEstPfqsGzlzJoI11qcPMZziFQd
dj4pHav1r3JaxvzvNmZvf bim@bim-K42F
ssh-rsa AAzAABz3NzaC1yc2EAAAADAQABAAABAQC+UeJC1qfhXpzKgZ3HpJwaGYeWTBuG0Pk7zsu7WAa054KLjZi
/LQdUa4yiCFRyIaxuiMwzbKqt5sJsoLdLeGmmi2BtI1Prh6gQW1foJUcXj/BpphiNUUVItZBRTmvo7ILhMFZgz3e8x0
qYgQJFayeFn9zsEabGr47nbPUh8rm8AOKi9VIqGZTIIBrobQn6LVnp7c0qQBbmHL1iYqxPtOhVgFPx2nJzOWB0Jjtmh
qsoVshSWrZ9dfguvzhfcVTWPf0ZbjC1JCuHi+VINC5tsoH1BLNaRTO4nCtxFJclyHvvKEstPfqsGzlzJoI11qcPMZi
FQddj4pHav1rz3JaxvvNmZvf bim@bim-K42F
ssh-rsa AAzAAB3NzaC1yc2EAAAADAQABAAABAQDC1LOXZ8zMNjbbTpfcC9nPSI9T3v+4HvHHiY+IyllR7DnufQzc
/GbtHC3xC6c3QzKRMZ/bOPVjlH4ucWOsztIhbCspjHu6hdn5wkQeIPdhoVQ5Rhw9pP3F1amqQZXJmga9vYX4Bzsm9gH
li9zxks/0IYxQXnmxDsDX6EIGT4ZJRbemJFRIX+ds1IMxNj7RZ1kx7xjkYX1nhRoZY3vzAWyBnWTDaRx8JRz46jSOgBalD
yt4ypoEu2bz36vozFvq0Rhv+lFMLbqPceMVh6SY1CTF0Z96Iw2Z2CtL2BTJ6kVpqKoGCcQlAj9vxPetqhXnET8zrvIai5dvCO
wjcpd82ALuSRv apis@apis-desktop
referensi:
http://notes.rioastamal.net/2012/04/login-ssh-tanpa-password.html
http://notes.rioastamal.net/2012/03/membuat-ssh-key-dengan-ssh-keygen.html
http://ramadhan.me/2012/09/login-ssh-tanpa-password.html
semoga berguna