Extremely useful for system administrators, very useful for application developers when testing with remote services, or how some buzz developers refer to it: Service Oriented Architecture (SOA). Also remote execution is widely used by web masters to sync/backup/create mirrors.
Below 5 simple steps will enable you to run any commands on the remote box/host/server via SSH without a need to provide a password. That is usually useful, if such remote calls need to be automated (work without manual/human intervention).
Step number 6 has an example on how to actually run a command on remote host via SSH.
from the local host
Step 1. Create a public/private keys with “ssh-keygen” (ENTER through everything):
user@host:~/.ssh$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/toly/.ssh/id_rsa): [ENTER] Enter passphrase (empty for no passphrase): [ENTER] Enter same passphrase again: [ENTER] Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: 66:fd:11:ca:2d:21:b9:73:c1:b6:fa:1d:b2:2c:71:cd user@host The key's randomart image is: +--[ RSA 2048]----+ | | | . | | . o | | o + o | | E S.o o | | o. .+.o . | | . +o o. | | +. o... | | ... ..=. | +-----------------+ |
At this point the public and private keys should be created and saved into “~/.ssh” directory:
user@host:~/.ssh$ ls -l total 20 -rw------- 1 user group 1675 2009-03-10 14:18 id_rsa -rw-r--r-- 1 user group 392 2009-03-10 14:18 id_rsa.pub -rw-r--r-- 1 user group 8642 2009-03-10 12:10 known_hosts |
Step 2. Add identity to the local ssh authorizer with “ssh-add”.
If you “entered” through the “Enter file in which to save the key (/home/toly/.ssh/id_rsa)” in the previous step, then your identity file should be “id_rsa”:
user@host:~/.ssh$ ssh-add id_rsa |
Otherwise replace “id_rsa” with the file you chose to save your identity in.
In case of a friendly “Could not open a connection to your authentication agent.” error message, start “ssh-agent” as:
eval `ssh-agent` |
and re-run “ssh-add”.
Step 3. Copy the public key to the remote host ( server ) under “~/.ssh”:
From the step above “id_rsa.pub” would be the public key that needs to be copied to the remote system you would like to run commands on.
user@host:~/.ssh$ scp id_rsa.pub remoteuser@remotehost.com:~/.ssh/ |
from the remote host
Step 4. On remote host add this public key to “authorized_keys”:
remoteuser@remotehost:~$ cd ~/.ssh |
remoteuser@remotehost:~/.ssh~$ cat id_rsa.pub >> authorized_keys |
Step 5. Change “authorized_keys” permissions to allow only you to read/write it:
remoteuser@remotehost:~/.ssh$ chmod 600 authorized_keys |
from the local host
Step 6. Now you can run any command on the remote box from the local box with no password:
Let’s see what that remote box is running at:
user@host:~$ ssh remoteuser@remotehost.com uname -a Linux remotehost 2.6.27-01-generic #1 SMP Thu Mar 21 10:34:21 UTC 2009 i686 GNU/Linux |
By runing “ssh remoteuser@remotehost.com uname -a” from the local box, you just ran “uname -a” command on the remote box without a need to enter the password.
Good Luck Remoting!