Extremely useful for system administrators, very useful for application developers when testing with remote services, or how some buzz developers refer to it: Service Oriented Architecture (SOA). Also remote execution is widely used by web masters to sync/backup/create mirrors.
Below 5 simple steps will enable you to run any commands on the remote box/host/server via SSH without a need to provide a password. That is usually useful, if such remote calls need to be automated (work without manual/human intervention).
Step number 6 has an example on how to actually run a command on remote host via SSH.
from the local host
Step 1. Create a public/private keys with “ssh-keygen” (ENTER through everything):
user@host:~/.ssh$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/toly/.ssh/id_rsa): [ENTER] Enter passphrase (empty for no passphrase): [ENTER] Enter same passphrase again: [ENTER] Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: 66:fd:11:ca:2d:21:b9:73:c1:b6:fa:1d:b2:2c:71:cd user@host The key's randomart image is: +--[ RSA 2048]----+ | | | . | | . o | | o + o | | E S.o o | | o. .+.o . | | . +o o. | | +. o... | | ... ..=. | +-----------------+
At this point the public and private keys should be created and saved into “~/.ssh” directory:
user@host:~/.ssh$ ls -l total 20 -rw------- 1 user group 1675 2009-03-10 14:18 id_rsa -rw-r--r-- 1 user group 392 2009-03-10 14:18 id_rsa.pub -rw-r--r-- 1 user group 8642 2009-03-10 12:10 known_hosts
Step 2. Add identity to the local ssh authorizer with “ssh-add”.
If you “entered” through the “Enter file in which to save the key (/home/toly/.ssh/id_rsa)” in the previous step, then your identity file should be “id_rsa”:
user@host:~/.ssh$ ssh-add id_rsa
Otherwise replace “id_rsa” with the file you chose to save your identity in.
In case of a friendly “Could not open a connection to your authentication agent.” error message, start “ssh-agent” as:
eval `ssh-agent`
and re-run “ssh-add”.
Step 3. Copy the public key to the remote host ( server ) under “~/.ssh”:
From the step above “id_rsa.pub” would be the public key that needs to be copied to the remote system you would like to run commands on.
user@host:~/.ssh$ scp id_rsa.pub remoteuser@remotehost.com:~/.ssh/
from the remote host
Step 4. On remote host add this public key to “authorized_keys”:
remoteuser@remotehost:~$ cd ~/.ssh
remoteuser@remotehost:~/.ssh~$ cat id_rsa.pub >> authorized_keys
Step 5. Change “authorized_keys” permissions to allow only you to read/write it:
remoteuser@remotehost:~/.ssh$ chmod 600 authorized_keys
from the local host
Step 6. Now you can run any command on the remote box from the local box with no password:
Let’s see what that remote box is running at:
user@host:~$ ssh remoteuser@remotehost.com uname -a Linux remotehost 2.6.27-01-generic #1 SMP Thu Mar 21 10:34:21 UTC 2009 i686 GNU/Linux
By runing “ssh remoteuser@remotehost.com uname -a” from the local box, you just ran “uname -a” command on the remote box without a need to enter the password.
Good Luck Remoting!
Nice writeup on run commands remotely vis ssh with mo passwords.
Thank you
“user@host:~/.ssh$ scp id_rsa.pub remoteuser@remotehost.com:~/.ssh/”
That’s not very smart. If remoteuser@remotehost.com already has his rsa key pair generated and stored in default location, you’ve just overwritten his public key on that machine. Better to scp your new key to just ~/ or someplace else other than default location.
@dude,
It is not all that bad to have ssh public keys in “~/.ssh”. The only thing to note though, it is good to give keys different names to avoid collision that you mentioned.
/Toly
Very nice write up. I’m fairly new to linux and and writing some parallel processor programs using MPI which will run on a cluster of computers. The command to run these programs, mpirun, uses ssh to remotely execute the programs on the other machines. Following these steps saved me a ton of time both in copying the executables (using scp) and running them (using mpirun). Thanks!
Heu.. That work correctly in my opened “securecrt” session where I made all the manipulation but no more if a open a second session with the same user and password!? I forget something?
suppose,
localhost have username govind@yahoo.com,
remotehost have username rajnikant@google.com.
how can i execute some command in remote server without prompting for password using SSH.