Search This Blog

Tuesday, October 21, 2014

Login ssh tanpa password pada linux

untuk login ssh tanpa password pada linux yang  perlu dilakukan :
  1. generated key ssh client (defaultnya tercipta id_rsa. dan id_rsa.pub.)
  2. kopikan public key ssh (defaultnya id_rsa.pub) yang telah digenerated ke server target (folder root .ssh/authorized_keys )
ok kita mulai
1.pc client yang sudah terinstal ssh (pc client untuk akses ssh tanpa password),kita sebut komputer B
2.server utama yang sudah terinstal ssh(target ssh), kita sebut komputer A
pada komputer b kita generated sshnya dengan perintah
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
ssh-keygen -t rsa
 
apis@apis-desktop:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/apis/.ssh/id_rsa):
/home/apis/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/apis/.ssh/id_rsa.
Your public key has been saved in /home/apis/.ssh/id_rsa.pub.
The key fingerprint is:
d3:6b:59:a0:6d:73:bf:9f:e1:d0:bb:6e:c7:1e:33:c8 apis@apis-desktop
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|          .      |
|         + .     |
|        S = o    |
|         o *..o  |
|          +  E.B |
|         .    ooX|
|              +O=|
+-----------------+
apis@apis-desktop:~$
default pembentukan ini menggunakan RSA dapat kita ketahui dari command promt /terminal seperti diatas
Akan terbentuk 2 key defaultnya tercipta id_rsa. dan id_rsa.pub. , id_rsa merupakan private key yang
harus disimpan di komputer kita dan tidak boleh diketahui oleh orang lain.Orang yang mempunyai private
key ini bisa login ke SSH Server yang di dalamnya sudah tersimpan public key pasangannya.
nah yang akan kita copykan adalah public keynya yaitu  id_rsa.pub.
kemudian kita copy ke komputer a dengan perintah
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
ssh-copy-id 'root@ip_server_target -p nomorport'
 
root@apis:~# ssh-copy-id 'root@10.0.102.20 -p 22'
The authenticity of host '10.0.102.20 (10.0.102.20)' can't be established.
RSA key fingerprint is c4:85:41:44:e7:3e:fe:f1:37:4e:d4:7e:e3:4b:e7:64.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': y
Please type 'yes' or 'no': yes
Warning: Permanently added '10.0.102.20' (RSA) to the list of known hosts.
root@10.0.102.20's password:
Now try logging into the machine, with "ssh 'root@10.0.102.20 -p 22'", and check in:
 
.ssh/authorized_keys
 
to make sure we haven't added extra keys that you weren't expecting.
 
root@apis:~#
 
selain itu kita dapat menggunakan scp untuk mengcopi
 
scp fileasal filesumber
 
scp /home/apis/.ssh/id_rsa.pub root@10.0.102.20:/home/ulp
 
masuk ke server taget dan kopikan manual agar tidak tereplace
sehingga public key yang sudah ada tidak hilang
 
cat /home/ulp/id_rsa.pub >> ~/ .ssh/authorized_keys
kita coba tes masuk ke komputer b buka terminal kemudian ketikan
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
ssh  'root@ip_server_target -p nomorport'
 
hasil tes
 
apis@apis-desktop:~$ ssh 'root@10.0.102.20 -p 22'
Linux apis 2.6.32-5-686 #1 SMP Sun May 6 04:01:19 UTC 2012 i686
 
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue May 28 17:11:36 2013 from 10.0.106.167
root@apis:~#
<pre>
public key pada server dapat berisi lebih dari satu public key contohnya
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
root@apis:~# cat  /root/.ssh/authorized_keys
 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyp8lbVVQFGDEBd4eZpJKbifZJNZ3IaNSA8/bdTeW6VqOSlsbJVa
/WvDgBvFC+C7EqbdmT3uY5hWpEj1qCFbE66sHXhcAEln0OvjRlLH2dbA+6K/rvx2eAFQd7J6r0P9GS6d0DIVQi+
ZNwbwjuBy0888H3s7Bo0gNkDE6U12m72E= vaio@vaio-pc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+UeJC1qfhXpzKgZ3HpJwaGYeWTBuG0Pk7zsu7WAa054KLjZi
/LQdUa4yiCFRyIaxuiMwzbKqt5sJsoLdLeGmmi2BtI1Prh6gQW1foJUcXj/BpphiNUUVItZBRTmvo7ILhMFZg3e8x0
qYgQJFayeFn9sEabGr47nbPUh8rm8AOKi9VIqGZTIIBrobQn6LVnp7c0qQBbmHL1iYqxPtOhVgFPx2nJzOWB0Jjtmhqs
oVshSWrZ9dfguvzhfcVTWPf0ZbjC1JCuHi+VINC5tsoH1BLNaRTO4nCtxFJclyHvvKEstPfqsGzlzJoI11qcPMZiFQd
dj4pHav1r3JaxvvNmZvf bim@bim-K42F
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+UeJC1qfhXpzKgZ3HpJwaGYeWTBuG0Pk7zsu7WAa054KLjZi
/LQdUa4yiCFRyIaxuiMwzbKqt5sJsoLdLeGmmi2BtI1Prh6gQW1foJUcXj/BpphiNUUVItZBRTmvo7ILhMFZg3e8x0
qYgQJFayeFn9sEabGr47nbPUh8rm8AOKi9VIqGZTIIBrobQn6LVnp7c0qQBbmHL1iYqxPtOhVgFPx2nJzOWB0Jjtmh
qsoVshSWrZ9dfguvzhfcVTWPf0ZbjC1JCuHi+VINC5tsoH1BLNaRTO4nCtxFJclyHvvKEstPfqsGzlzJoI11qcPMZi
FQddj4pHav1r3JaxvvNmZvf bim@bim-K42F
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDC1LOXZ8zMNjbbTpfcC9nPSI9T3v+4HvHHiY+IyllR7DnufQzc
/GbtHC3xC6c3QzKRMZ/bOPVjlH4ucWOsztIhbCspjHu6hdn5wkQeIPdhoVQ5Rhw9pP3F1amqQZXJmga9vYX4Bzsm9gH
li9zxks/0IYxQXnmxDsDX6EIGT4ZJRbemJFRIX+ds1IMxNj7RZ1kx7xjkYX1nhRoZY3vzAWyBnWTDaRx8JR46jSOgBalD
yt4ypoEu2b36vozFvq0Rhv+lFMLbqPceMVh6SY1CTF0Z96Iw2Z2CtL2BTJ6kVpqKoGCcQlAj9vxPetqhXnET8rvIai5dvCO
wjcpd82ALuSRv apis@apis-desktop
referensi:
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)