Akses SSH tanpa password menggunakan Authorized Keys
Langkah 1 - Generate SSH Keys
Lakukan generate ssh key pada local pc/leptop
ssh-keygenOutput
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):Jika sebelumnya sudah pernah menggenerate akan muncul seperti ini:
Output
/home/username/.ssh/id_rsa already exists.
Overwrite (y/n)?Selanjutnya, jika ingin menggunakan password pada ssh keys-nya silahkan isi pada bagian ini:
Output
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:Berikut tampilan apabila generate ssh keys berhasil:
Output
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:CAjsV9M/tt5skazroTc1ZRGCBz+kGtYUIPhRvvZJYBs username@hostname
The key's randomart image is:
+---[RSA 3072]----+
|o ..oo.++o .. |
| o o +o.o.+... |
|. . + oE.o.o . |
| . . oo.B+ .o |
| . .=S.+ + |
| . o..* |
| .+= o |
| .=.+ |
| .oo+ |
+----[SHA256]-----+Langkah 2 — Salin SSH Public Key ke Server
Menyalin ssh publik key menggunakan ssh-copy-id
Gunakan perintah berikut:
ssh-copy-id username@remote_hostKemudian mungkin akan tampil seperti berikut, kemudian ketik yes dan enter
Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yesMasukan password login ssh sesuai user yang digunakan, dan selesai.
Output
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@203.0.113.1's password:Menyalin ssh publik key menggunakan ssh
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"Kemudian mungkin akan tampil seperti berikut, ketik yes dan enter:
Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yesMasukan password dari akun yang digunakan:
Output
username@203.0.113.1's password:Menyalin secara manual
Gunakan perintah berikut untuk menyalin public key:
cat ~/.ssh/id_rsa.pubKemudian mungkin akan melihat output seperti ini:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqql6MzstZYh1TmWWv11q5O3pISj2ZFl9HgH1JLknLLx44+tXfJ7mIrKNxOOwxIxvcBF8PXSYvobFYEZjGIVCEAjrUzLiIxbyCoxVyle7Q+bqgZ8SeeM8wzytsY+dVGcBxF6N4JS+zVk5eMcV385gG3Y6ON3EG112n6d+SMXY0OEBIcO6x+PnUSGHrSgpBgX7Ks1r7xqFa7heJLLt2wWwkARptX7udSq05paBhcpB0pHtA1Rfz3K2B+ZVIpSDfki9UVKzT8JUmwW6NNzSgxUfQHGwnW7kj4jp4AT0VZk3ADw497M2G/12N0PPB5CnhHf7ovgy6nL1ikrygTKRFmNZISvAcywB9GVqNAVE+ZHDSCuURNsAInVzgYo9xgJDW8wUw2o8U77+xiFxgI5QSZX3Iq7YLMgeksaO4rBJEa54k8m5wEiEE1nUhLuJ0X/vh2xPff6SQ1BL/zkOhvJCACK6Vb15mDOeCSq54Cr7kvS46itMosi/uS66+PujOO+xt/2FWYepz6ZlN70bRly57Q06J+ZJoc9FfBCbCyYH7U/ASsmY095ywPsBo1XQ9PqhnN1/YOorJ068foQDNVpm146mUpILVxmq41Cj55YKHEazXGsdBIbXWhcrRf4G2fJLRcGUr9q8/lERo9oxRm5JFX6TCmj6kmiFqv+Ow9gI0x8GvaQ== username@hostnameKemudian masuk ke SSH server dan masuk ke folder ~/.ssh jika tidak ada buat secara manual dengan perintah berikut:
mkdir -p ~/.sshKemudian masukan pub key yang sudah disalin tadi menggunakan perintah berikut:
echo `public_key_string` >> ~/.ssh/authorized_keysLangkah 3 - Autentikasi ke Server menggunakaan SSH Keys
Gunakan perintah seperti ini:
ssh username@remotehost