Once I had a requirement to copy some files from APP sever to DB server of same instance on regular intervals. We can achieve this by writing a small host program to connect to DB sever through FTP or SFTP and transfer files but this would require DB server login user name and password. We can hardcode the user name in the shell script but its not suggestible to hardcode password for obvious security reasons, we can store the password in lookup or a profile option but even this is not suggestible from security point of view. So I’ve decided to use the approach of Password less SSH Connection.
Here in this article I will show how to setup Password less SSH Connection.
Lets consider Apps server as ‘Source Server‘ and DB Server as ‘Destination Server‘
Here in this example server 005 is APP Server and 006 is DB server
Connect to APP Server(005) and change to super user mode and execute below command
ssh-keygen -t rsa
Note: Do not enter file name and password when prompted
You can observe that this command creates a key under a directory .ssh
Connect to DB Server(006) with any user name through which you want to connect and create a directory ‘.ssh‘ and create an empty file ‘authorized_keys’ in .ssh directory.
I couldn’t find a way to create a directory ‘.ssh’ so ran the SSH key gen command which creats ‘.ssh’ directory and then deleted all the files in ‘.ssh’ directory.
ssh-keygen -t rsa cd ~/.ssh rm * touch authorized_keys
Connect back to APP server in super user mode and execute below command to copy ssh key to Destination DB server
cat ~/.ssh/id_rsa.pub | ssh DBHostUsername@DBHost006 'cat >> .ssh/authorized_keys && echo "Key Copied"
Connect to DB Server and check if keys are copied
cd ~/.ssh cat authorized_keys
Connect to APP server in super user mode and test password less entry by executing below command, it will not ask password
after doing all these setups you can use the command in Step 5 in any shell script to connect without password
Thanks to Tommy’s blog for helping me in creating ssh-keygen
Do drop a comment if you have questions on implementing this.