| We moved this page to our Documentation Portal. You can find the latest updates here. |
Question
How can I login to or between Linux servers more securely than using a password?
This does include logging between multiple control servers, control servers and hypervisors, and even logging into virtual machines without the need for a password that can be hacked.
Environment
OnApp All Versions
Linux VMs
Answer
An RSA key is a very secure method of logging into a server without a password, while still preventing unauthorized users from accessing the same server.
For cloud security, we recommend using ssh keys to access clouds instead of passwords.
To generate an ssh key, you will first need to ssh into the server (you will want to be logged in as the user you want to make the key for. In most cases, it is root).
Then, run the following command:
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.pub2.
Your public key has been saved in /root/.ssh/id_rsa.pub2.pub.
The key fingerprint is:
bd:26:53:4a:a9:83:6d:0e:31:6c:67:77:8c:b5:9b:e7 root@dev10-cp
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| . * . |
| = o S * |
| . B + + + |
| o = + = . |
| + . + o |
| . E |
+-----------------+
From there, add a key to a new server (again, make sure you're still logged in as the user you want to access):
ssh-copy-id -i /home/<USER>/.ssh/id_rsa.pub root@<NEW SERVER IP>
This will prompt for the password for the second cloud you are adding it to. Then, the key is added and it will allow you to use the key instead of the password.