I am setting up a cluster of KVM virtual machines and want to be able to ssh to them as the root user on the vm without having to enter a password.
The first thing that I did was create keys on the box from which I was going to make connections (A):
[rchapin@A .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/local2/home/rchapin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/local2/home/rchapin/.ssh/id_rsa.
Your public key has been saved in /usr/local2/home/rchapin/.ssh/id_rsa.pub.
The key fingerprint is:
The key’s randomart image is:
+–[ RSA 2048]—-+
| + .o=o. |
| + *.o . |
| * +E. |
| +.B |
| oS= |
| .. |
| o. |
| . o. |
| o. |
After which I scp the id_rsa.pub file to the remote box
[rchapin@A ~]$ scp ./id_rsa.pub root@B:/root/
Then ssh to the remote box, create the ~/.ssh directory, copy the contents of the id_rsa.pub file into ~/.ssh/authorized_keys and set the permissions on all of the files.
[root@B ~]# mkdir .ssh
[root@B ~]# chmod 700 .ssh
[root@B ~]# cat ~/id_rsa.pub > authorized_keys
[root@B ~]# chmod 600 authorized_keys
The first problem was that it wasn’t accepting the key and was giving me the password prompt.
After a quick search regarding passwordless ssh and Selinux I did the following:
[root@B .ssh]# restorecon -R -v /root/.ssh/
restorecon reset /root/.ssh context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /root/.ssh/authorized_keys2 context unconfined_u:object_r:admin_home_t:s0->unconfined_u:object_r:ssh_home_t:s0
Now I received the error:
[rchapin@A .ssh]$ ssh root@B
Agent admitted failure to sign using the key.
Another quick search and all I had to do was add the key on the A box and I was all set
[rchapin@A.ssh]$ ssh root@B
Last login: Thu Aug 22 20:40:54 2013 from A