You have two servers that both run Linux: an origin server and a target server. You want to open an SSH connection as the root user on the origin server to the root user account on the target server. Furthermore, you do not want to be prompted for a password, but you still want it to be relatively secure.
For demonstration purposes we will assume the following:
origin server IP address: 111.111.111.111
target server IP address: 222.222.222.222
NOTE: This can work for any two machines running most Linux distributions, including workstation/desktop distributions. In my case I am simply going server-to-server.
On your ORIGIN server.
cd /root/.ssh
ssh-keygen -t rsa
Enter file in which to save the key (/root/.ssh/id_rsa): #leave empty, hit "enter" key
Enter passphrase (empty for no passphrase): #leave empty, hit "enter" key
Enter same passphrase again: #leave empty, hit "enter" key
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| |
| zzzzz |
| zzzzz |
| zz |
|zzzzzzzzzzzzzz |
|zz |
|zzzzzzzzzzzzzzzzz|
|zzzzzzzzzzzzz |
| zzzzzzzz |
+-----------------+
This should have generated a couple of files on your origin server under /root/.ssh/, one is a public key and the other private. We need to manually copy the public key onto the target server.
Still on the origin server.
vim id_rsa.pub
Select all of what you see and copy/paste it to a notepad file.
NOW -> On your TARGET server:
vim /etc/ssh/sshd_config
Change the “PermitRootLogin” option to reflect the following:
Save and close the file, then:
Still on your TARGET server.
vim /root/.ssh/authorized_keys
This file may or may not be blank. Either way, you need to append your public key as a new line in this file. Paste it on a new line at the bottom of the file, then save and close.
From your origin server.
The authenticity of host '[222.222.222.222] ([222.222.222.222])' can't be established.
ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? #type yes and hit "enter"
You will then be taken to a bash prompt on the target server. Type “exit” and hit the enter key to leave.
From here on out, your root account on your origin server can SSH into the target server as the root user without a password. It is secure because only your root account on your origin server can make the connection, using the private and public keys that we generated earlier. Because the private key has no passphrase, this holds only as long as /root/.ssh/id_rsa on the origin server stays readable by root alone.
This is excellent for scripts/cron jobs that run under the root account on the ORIGIN server and need to make a remote connection to the TARGET, as they can now run securely and without needing a password saved in the script. That is one very common use case for this setup.
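A scripted version of the authorized_keys step above, as an added example that is not part of the original post: it appends the key only once, sets the permissions sshd expects, and prefixes the entry with a from= option so the passphrase-less key is accepted only from the origin address. The function name install_pubkey, the scratch directory and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_pubkey DIR "PUBLIC KEY LINE" ORIGIN_IP   (hypothetical helper name)
install_pubkey() {
    ssh_dir=$1; pubkey=$2; origin_ip=$3
    auth_file="$ssh_dir/authorized_keys"

    # Accept only a one-line public key; this also catches a pasted private key.
    case $pubkey in
        *"PRIVATE KEY"*) echo "refusing: this is a private key" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac

    # sshd (StrictModes, on by default) ignores keys if these are group/world writable.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # The key material is the second field; use it to detect an existing entry.
    key_blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0    # already installed, do not add a duplicate line
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi

    # from= limits where the key may be used; the no-* options disable forwarding
    # but still allow the interactive login test described in the post.
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' \
        "$origin_ip" "$pubkey" >> "$auth_file"
}

# Demo against a scratch directory standing in for /root/.ssh on the target.
demo_dir=$(mktemp -d)
sample_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLE root@origin'  # constructed
install_pubkey "$demo_dir" "$sample_key" 111.111.111.111
cat "$demo_dir/authorized_keys"
```

On the real target, the first argument would be /root/.ssh and the second the contents of id_rsa.pub from the origin server.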