Wycliffe A. Onyango

100 Days of DevOps: Day 7

Setting Up Password-less SSH

Password-less authentication is a common practice for system administrators to securely and efficiently manage multiple servers. This guide explains how to set up password-less SSH access from a jump host to other application servers.

Generate an SSH Key Pair

The first step is to generate an SSH key pair on the jump host for the user who needs access. In this case, it is the thor user. This key pair consists of a public key and a private key. The private key remains on the jump host and should be kept confidential, while the public key is what you will distribute to the other servers.

Run the following command on the jump host:

ssh-keygen -t rsa

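Press Enter to accept the default file location (~/.ssh/id_rsa) and leave the passphrase empty for a seamless, password-less login. An empty passphrase means the private key is stored unencrypted, so its only protection is the file permissions on the jump host.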

Distribute the Public Key

Once the key pair is generated, you need to copy the public key to the authorized_keys file of the target users on each application server. The ssh-copy-id command simplifies this process.

Use the following command for each application server, replacing sudo_user and app_server with the actual username and hostname:

ssh-copy-id sudo_user@app_server

For example, to set up access for the tony user on app_server1:

ssh-copy-id tony@app_server1

You will be prompted for the password of the target user on the application server. Once you enter the correct password, the public key is automatically appended to their ~/.ssh/authorized_keys file.

Verify the Connection

After distributing the public key, you can test the password-less connection by trying to log in from the jump host to one of the app servers.

Run the following command:

ssh tony@app_server1

If the setup was successful, you will be logged into the server without being prompted for a password. This allows scripts and administrators to connect to the app servers automatically and securely.
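
The check below is an added example, not part of the original post: it runs the verification step non-interactively and audits the file permissions that most often cause key login to fail or fall back to a password prompt. The function names are hypothetical, and it assumes the default key path ~/.ssh/id_rsa used above.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Group/other permission characters of a path, e.g. "------" or "r--r--".
go_bits() { ls -ld "$1" | cut -c5-10; }

# Audit an SSH directory (normally ~/.ssh). Prints one line per finding and
# returns 1 if anything would break key login or expose the private key.
audit_ssh_dir() {
    dir=$1; rc=0
    # sshd (StrictModes) ignores authorized_keys when the directory or the
    # file is writable by group or others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(go_bits "$p") in
            *w*) echo "group/other-writable: $p"; rc=1 ;;
        esac
    done
    # The ssh client refuses a private key that group or others can access.
    key=$dir/id_rsa
    if [ -e "$key" ] && [ "$(go_bits "$key")" != "------" ]; then
        echo "private key too open: $key"; rc=1
    fi
    return $rc
}

# Non-interactive form of the "Verify the Connection" step: BatchMode makes
# ssh fail instead of prompting, so success means the key was accepted.
key_login_ok() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no \
        -o ConnectTimeout=5 "$1" true
}

# Usage: sh check.sh tony@app_server1
if [ $# -gt 0 ]; then
    audit_ssh_dir "$HOME/.ssh" && key_login_ok "$1" && echo "key login OK: $1"
fi
```

Run audit_ssh_dir on the jump host against thor's ~/.ssh and on each app server against the target user's ~/.ssh; the usual fix for a finding is chmod 700 on the directory and chmod 600 on the key and authorized_keys files.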
