ssh – Technoserene

Following steps would help you to do scp, ssh & rsync without prompting for password:

1. On Host A where you run scp/ssh/rsync command, run the following command:

$ ssh-keygen -t rsa

This will prompt a passphrase. After pressing enter key it’ll generate a private and a public key. Public key is saved at ~/.ssh/ by default.

2. Transfer id_rsa.pub file to Host B using scp or ftp.

[dfads params=’groups=-1′]

3. On Host B, login as remote user and copy the contents of id_rsa.pub to ~/.ssh/authorized_keys using the following command:

$ cat id_rsa.pub >>~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/authorized_keys

4. Thats’ all, Now you can run scp, ssh and rsync command without prompting for password.

5. Note that ssh by default does not allow root to log in. This has to be explicitly enabled on Host B. This can be done by editing /etc/ssh/sshd_config and changing the option of PermitRootLoginfrom no to yes. Don’t forget to restart sshd so that it reads the modified config file. Do this only if you want to use the root login.

[dfads params=’groups=-1′]

Here is how to restrict SSH access to certain IP addresses on and off your home LAN.

Edit the /etc/hosts.allow file to include these lines, assuming your home LAN is on the 192.168.4.x nonrouting IP block, and your work address is on the routing 1.1.1.x
IP block: Remember to add the period on the end of each incomplete IP number.
If you have another complete IP address or range, add a space and that range on the end.

# allow ssh login from home LAN and work LAN
sshd,sshdfwd-X11: 192.168.4. 1.1.1.x.

Edit your /etc/hosts.deny file to include this line:
sshd,sshdfwd-X11:ALL
These lines refuse SSH connections from anyone not in the IP address blocks listed.

Log out and then try logging back in to test your configuration. Good luck!

[dfads params=’groups=-1′]

Tag: ssh

How To scp, ssh and rsync without prompting for password

Restrict SSH Access by IP Address on Linux