It's often useful to be able to SSH to other machines without being prompted for a password. Additionally, if you using tools such as Parallel SSH you will need to setup Public Key SSH Authentication. To set it up is relatively straight forward:
On the client machine (ie. the one you are SSH'ing from) you will need to create an SSH RSA key. So run the following command - ensure you don't supply a password:
[root@node01 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: c6:66:93:16:73:0b:bf:46:46:28:7d:a5:38:a3:4d:6d root@node01 The key's randomart image is: +--[ RSA 2048]----+ | . | | . + o | | . @ E | | * & . | | . S = | | = + . | | o | | . | | | +-----------------+
This will generate the following files:
[root@node01 ~]# cd ~/.ssh [root@node02 .ssh]# ls -l total 8 -rw-------. 1 root root 1675 Jul 27 15:01 id_rsa -rw-r--r--. 1 root root 406 Jul 27 15:01 id_rsa.pub
On the client machine tighten up file system permissions thus:
[root@node01 ~]# chmod 700 ~/.ssh [root@node01 ~]# chmod 600 ~/.ssh/* [root@node01 ~]# ls -ld ~/.ssh & ls -l ~/.ssh drwx------. 2 root root 4096 Jul 27 15:01 /root/.ssh -rw-------. 1 root root 1675 Jul 27 15:01 id_rsa -rw-------. 1 root root 406 Jul 27 15:01 id_rsa.pub
Now copy the public key to the machine you want to SSH and fix permissions (you will be prompted for the root password):
[root@node01 ~]# ssh root@node02 'mkdir -p /root/.ssh' [root@node01 ~]# scp /root/.ssh/id_rsa.pub root@node02:/root/.ssh/authorized_keys [root@node01 ~]# ssh root@node02 'chmod 700 /root/.ssh' [root@node01 ~]# ssh root@node02 'chmod 600 /root/.ssh/*'
You can also use the utility ssh-copy-id to do the above steps. If you don't have scp on the remote machine you will need to install it:
[root@node01 ~]# ssh root@node02 'yum install openssh-clients'
You should now be able to ssh directory from node01 to node02 without providing a password:
[root@node01 ~]# ssh node02 Last login: Wed Jul 27 15:41:56 2011 from 10.255.5.57 [root@node ~]#
IMPORTANT There is a bug in CentOS 6 / SELinux that results in all client presented certificates to be ignored when SELinux is set to Enforcing. To fix this simply:
[root@node01 ~]# ssh root@node02 'restorecon -R -v /root/.ssh' restorecon reset /root/.ssh context system_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0 restorecon reset /root/.ssh/authorized_keys context unconfined_u:object_r:ssh_home_t:s0->system_u:object_r:home_ssh_t:s0