This is a guide on how to set up a Password Free SSH Key Automatic Config Authentication between two servers so that the Origin Server can log in to the Destination Server and write the files to the Destination Server Automatically.
1. Create a passphrase-free ssh key on Origin Server
So on the Origin Server:
– Change to a user you would like to use to log in to the Destination Server – in my case – root
(We will use root as we need to run backups as root and move them to the Destination Server)
su -
– Create the SSH RSA Key
ssh-keygen -t rsa
You should see something like this:
Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: e0:gf:5d:8a:51:a8:c7:3a:e4:3a:3c:22:f9:4e:35:ca root@example
Your key fingerprint will almost certainly differ from the example here.
Get the contents of id_rsa.pub
cat /root/.ssh/id_rsa.pub
You should see a really long key that starts with something like this – with example.com being your Origin Server hostname.
ssh-rsa AAAAB3NzaC1yc2EAAAAB[...] rootatexample.com
Leave this SSH window open for now…
2. Copy the Origin Server Users SSH Key to the Destination Server
So on the Destination Server:
Change to your backup user – in our case backup-user
(This is the user that has rights to the folder where you would like to write your backup files)
su backup-user
Add the RSA SSH KEY from the Origin Server to the users
vim /backup-user/.ssh/authorized_keys
Now GO BACK the SSH window of the Origin Server and copy the LONG line starting with ssh-rsa that you cat out in the previous step – it should look like this
ssh-rsa AAAAB3NzaC1yc2EAAAAB[...] rootatexample.com
Now BACK IN THE Destination Server SSH paste it into the vim file
Save and close the file
**You may need to make some file permission adjustments, it depends on your system:
chmod -R go-rwx /root/.ssh
3. Test that you can log in to the Destination Server from the Origin Server using the SSH KEY without any password
So Back on the Origin Server:
ssh backup-user@destination-server-hostname
You might be asked to add the the Destination server RSA Key – just say yes
Are you sure you want to continue connecting (yes/no)? yes
You should now be logged in WITHOUT being asked for a password
Last login: Sat Apr 20 09:50:01 2013 from example.com -sh-4.1$
If that worked advance to the next step – else keep trying until you get it working
4. Add a SSH Config on the Origin Server root user so that it can log in easier when running scripts
So on the Origin Server
Create a SSH Config file
vim /root/.ssh/config
Paste this into the file and insert your settings where needed:
host destination-server-nickname hostname xxx.xxx.xxx.xxx port xx user backup-user compression yes protocol 2
## host = your nickname for the Destination Server
## hostname = the hostname or IP of the Destination Server
## port = your SSH port of Destination Server
## user = the user on the Destination Server that you will write your files/backups to
Note that “compression yes” is optional, and you may wish to omit it the servers are connected over high-speed nets.
This config entry enables the Origin Server to use the “nickname” destination-server-nickname wherever ssh expects a real hostname. ssh will use the information specified in the config file, which will result in a automatic connection to the Destination Server
**You may need to make some file permission adjustments, it depends on your system:
chmod -R go-rwx /root/.ssh
5. Test logging in from the Origin Server to the Destination Server using the SSH Config
ssh destination-server-nickname
You should see that you logged in to the Destination Server
Last login: Wed May 13 03:53:06 2015 -sh-4.1$
One thought on “How To: Linux SSH KEY Password Free Automatic Config Authentication – Backup, SFTP, SCP”