A Trust relationship can be established for users on multiple servers running OpenSSH to allow a password free ssh session. This is sometime important when you want to run scripts or commands remotely.
Most part of this article is common for most if not all of the UNIX/LINUX flavors except the following which steps to uncomment a few lines from the ssh_config file in Solaris:
Uncomment the following lines from the /usr/local/etc/ssh_config file:
Now, let’s assume ServerA and ServerB both run the ssh daemons.
To allow ServerA to SSH to ServerB without password, please try the following:
# ssh-keygen -t rsa
Note: User here is root
This generates two files id_rsa.pub and id_rsa
Now, this needs to be copied to the authorized_keys file on ServerB
# scp id_rsa.pub ServerB:~/.ssh/authorized_keys
Enter password when prompted.
BEWARE: If the ServerB is already having a trust relationship with more that one hosts already then the above will wipe the contents and write this key alone. In which case, copy the file to the remote server as something like ServerA_rsa.pub and then append the contents to authorized_keys as follows. This will allow the existing authroized_keys from being wiped off.
# scp id_rsa.pub ServerB:~/.ssh/ServerA_rsa.pub
# cat ServerA_rsa.pub >> authorized_keys
Thats it. Test if you are able to do a ssh from ServerA without a password:
# ssh serverB uname -a
This will run the command “uname -a” on ServerB and returns the result on ServerA.
The same procedure has to be followed in the reverse to allow ServerB to talk back to ServerA without any password.
And, if there is anyone other server to be added to the existing list follow the same procedure ensuring the key is appended to the remote servers authorized_keys file and not by overwriting it.