open networking > linux > password less ssh setup
goal
the 3 linux systems should be able to ssh to each other without a password
.....
topology
.....
credentials
default
cumulus - cumulus/CumulusLinux! and root/nopassword
ubuntu - root/nopassword
setup root password
root@host3:~# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
.....
enable ssh
the ssh server can be set up on a linux system with the openssh-server package. in cumulus (switches 1 and 2) it's installed by default; it may have to be installed on ubuntu, such as the ubuntu docker container on gns3
check if the package is already there
cumulus@cumulus:~$ apt list --installed | grep openssh-server
root@host3:~# apt update #doesn't upgrade, just to ensure the latest versions of the packages will be available
root@host3:~# apt install openssh-server #to install the openssh-server package
#use an editor such as nano or vi to edit any file, cat is used to view the contents of a file
root@host3:~# cat /etc/ssh/sshd_config | grep RootLogin
PermitRootLogin yes
root@host3:~# service ssh start #service to be deprecated and replaced by systemctl
.....
optional - setup static ips for stability in the lab after reboots etc.
/etc/network/interfaces
auto eth0
iface eth0 inet static
#for host3 (comments in this file must be on a line of their own)
address 192.168.122.33
netmask 255.255.255.0
gateway 192.168.122.1
.....
hostname and hosts
edit the hostname and edit the hosts file on each system, to create ip-name maps
for example, on host3:
root@host3:~# cat /etc/hostname
host3
root@host3:~# cat /etc/hosts
127.0.1.1 host3 #local
192.168.122.11 switch1
192.168.122.22 switch2
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
.....
ssh key generation
the ~/.ssh directory (~ refers to home: /home/cumulus when logged in as cumulus, /root when logged in as root) is not present by default. it is created automatically, along with the key files id_rsa (private) and id_rsa.pub (public), when the ssh key is generated. this has to be done on all 3 systems
cumulus@switch1:~$ cat .ssh
cat: /home/cumulus/.ssh: No such file or directory
#ssh key generation for the id root in switch1
root@switch1:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
59:a9:df:36:52:a2:fb:e1:64:97:b1:53:a4:20:e0:68 root@switch1
The key's randomart image is:
+---[RSA 2048]----+
| . |
| o . . |
| E . . + . |
| . = . o |
| S . + . |
| o + = |
| . * O |
| = = o |
| ..o |
+-----------------+
#ssh key generation for the id cumulus in switch2
cumulus@switch2:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/cumulus/.ssh/id_rsa):
Created directory '/home/cumulus/.ssh'.
Enter passphrase (empty for no passphrase): #we can keep this nil
Enter same passphrase again: #for a complete password/passphrase free access
Your identification has been saved in /home/cumulus/.ssh/id_rsa.
Your public key has been saved in /home/cumulus/.ssh/id_rsa.pub.
The key fingerprint is:
94:06:d8:5f:c8:f7:1d:68:c7:72:99:e0:36:a6:4d:32 cumulus@switch2
The key's randomart image is:
+---[RSA 2048]----+
| o.. . .+ o |
| . ..o.o.+ B |
| .+oEo*= . |
| o. O... |
| S . . |
| |
| |
| |
| |
+-----------------+
note that an ssh key has to be generated for each username as required. in this case it was done for the username cumulus; it can be done for the username root as well. on ubuntu, since there is only one username (root), it has to be generated for that username. no additional usernames are created for this exercise
.....
copy the public key to the remote systems
the public key generated on the local system for a particular username (~/.ssh/id_rsa.pub) has to be copied to the remote system and placed in the ~/.ssh/authorized_keys file of the specific remote username
#there are two things to note here - local username - remote username, and local file - remote file
copying can be achieved in a few ways such as ssh-copy-id / scp / echo etc.
scp will be used in this document, as it's a better choice to copy the public key between different or same usernames among systems
cumulus@switch1:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdJGyorw2+xGrU64hwoVw1bRiILxbAPiyv6sDUuTS1hZ3tR33OaG8KDUFOVKvLhLqxq+n915I358Q/PgnntR3wmOXCQURQyWa/hj/+LCl8hAlBvn1K26yfZaArOY161hYbEfusCTRfQ9B9aIfVWLb/o+Pso5M3wOcLXiLXagMoy2v53HSnAUVAyoCzDv46DzG17aQbz74ccgppHEyWPYdKW/C2Mea0rTaaoklhSbl1JaiBdcY0NP8dQi1iI8ATDVN4MaJINUPgkbnSyJmokanbAsrhi9GSa5FOgA8G9oINISCQjsxsCMZClFn9gQlt2EuN4TZK5iTBi+b2hGT1DqgR cumulus@switch1
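the public key of the local system, for example switch1, should be copied and appended to the respective '.ssh/authorized_keys' file of the remote systems, in this case switch2 and host3. note that scp with authorized_keys as the destination replaces that file instead of appending to it, so any keys already in it are lost, and the remote ~/.ssh directory has to exist already (it is created when ssh-keygen is run there).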
format: scp local_file user@remote_hostname:remotefile
cumulus@switch1:~$ scp .ssh/id_rsa.pub root@host3:.ssh/authorized_keys
The authenticity of host 'host3 (192.168.122.33)' can't be established.
ECDSA key fingerprint is b8:ba:55:02:38:e3:62:6b:08:12:d6:73:91:79:66:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host3,192.168.122.33' (ECDSA) to the list of known hosts.
root@host3's password:
id_rsa.pub 100% 397 0.4KB/s 00:00
root@switch1:~# scp .ssh/id_rsa.pub host3:.ssh/authorized_keys
root@host3's password:
id_rsa.pub 100% 394 0.4KB/s 00:00
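added example, not part of the original document: a small shell function that appends a public key to authorized_keys instead of replacing the file, so that keys from switch1 and switch2 can both stay in host3's authorized_keys. the function name install_pubkey and its two arguments are hypothetical names chosen for this example.

```shell
#!/bin/sh
# added example: append a public key to authorized_keys without
# overwriting the keys that are already there.
# install_pubkey and its arguments are hypothetical names for this example.

# usage: install_pubkey <public_key_file> <ssh_dir>
# returns 0 if the key is present afterwards, 1 if the input is rejected
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # accept only a file holding exactly one public-key line
    # (a private key such as id_rsa spans many lines and is refused)
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd with StrictModes (the default) refuses keys when the directory
    # or the file is writable by other users, so keep both private
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # append only when the exact line is not already present
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}

# when run as a script with two arguments, install that key
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

run it on the remote system after copying the .pub file to a temporary location there, passing the target user's ~/.ssh directory as the second argument.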
.....
verify the authorized_keys file, if required
cumulus@switch2:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdJGyorw2+xGrU64hwoVw1bRiILxbAPiyv6sDUuTS1hZ3tR33OaG8KDUFOVKvLhLqxq+n915I358Q/PgnntR3wmOXCQURQyWa/hj/+LCl8hAlBvn1K26yfZaArOY161hYbEfusCTRfQ9B9aIfVWLb/o+Pso5M3wOcLXiLXagMoy2v53HSnAUVAyoCzDv46DzG17aQbz74ccgppHEyWPYdKW/C2Mea0rTaaoklhSbl1JaiBdcY0NP8dQi1iI8ATDVN4MaJINUPgkbnSyJmokanbAsrhi9GSa5FOgA8G9oINISCQjsxsCMZClFn9gQlt2EuN4TZK5iTBi+b2hGT1DqgR cumulus@switch1
.....
action
no password from cumulus@switch1 to root@host3
cumulus@switch1:~$ ssh root@host3
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-31-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Thu Dec 28 03:51:30 2017 from 192.168.122.184
no password from root@switch2 to root@host3
root@switch2:~# scp .ssh/id_rsa.pub host3:.ssh/authorized_keys
root@host3's password:
id_rsa.pub 100% 394 0.4KB/s 00:00
root@switch2:~# ssh host3
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-31-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Last login: Thu Dec 28 04:32:42 2017 from 192.168.122.11