Wednesday, January 11, 2012

Password-less SSH Authentication Validation

Password-less SSH login is widely used inside a trusted network. System administrators use this method to execute tasks remotely, especially in batch scripts. However, this method may sometimes fail in certain circumstances, for example when a host name changes, when the public or private key is accidentally removed, or when the script is run as a different user.

So validation and alerting are very important for password-less SSH authentication. Here is the script to perform the validation; it has been tested on RHEL and CentOS.

1. The tester1 account is configured to allow SSH RSA password-less login from the comcrazy account
2. The tester2 account has NO password-less login from the comcrazy account

Test Script
[comcrazy@localhost ~]$ ssh -qo BatchMode=yes tester1@localhost.localdomain echo OK |grep OK |wc -l
[comcrazy@localhost ~]$ ssh -qo BatchMode=yes tester2@localhost.localdomain echo OK |grep OK |wc -l

With the above command, if the remote account is NOT configured for SSH password-less authentication, or password-less authentication is not working, the command outputs 0. Otherwise, it outputs 1.
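
A fuller version of this check, as an added example (not the original post's script): it tests the ssh exit status as well as the OK marker, adds a connection timeout so a dead host cannot hang a batch job, and logs each failure to syslog. The SSH_CMD variable, the ssh-keycheck tag and the script name are assumptions of this example.

```shell
#!/bin/bash
# Added example: validate password-less (key-based) SSH logins and alert on failure.
# SSH_CMD is an assumption of this example; it lets a stub replace ssh when testing.
SSH_CMD="${SSH_CMD:-ssh}"

# check_passwordless USER@HOST
# Returns 0 only if a non-interactive login succeeds AND the remote command ran.
check_passwordless() {
    target="$1"
    # BatchMode=yes: never prompt for a password or passphrase, fail instead.
    # ConnectTimeout=5: an unreachable host must not stall the calling job.
    out=$("$SSH_CMD" -q -o BatchMode=yes -o ConnectTimeout=5 "$target" echo OK 2>/dev/null)
    rc=$?
    # ssh exits 255 on connection or authentication errors. Also require the
    # OK marker line, as the one-line command does, so that an exit status
    # of 0 without our command's output is not counted as success.
    [ "$rc" -eq 0 ] && printf '%s\n' "$out" | grep -qx OK
}

# validate_targets USER@HOST...
# Prints one line per target, logs failures to syslog, returns the failure count.
validate_targets() {
    failed=0
    for t in "$@"; do
        if check_passwordless "$t"; then
            echo "OK   $t"
        else
            echo "FAIL $t"
            # logger is part of util-linux on RHEL/CentOS; ignore it if absent.
            logger -t ssh-keycheck "password-less SSH to $t failed" 2>/dev/null || true
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when targets are given on the command line, e.g.:
#   ./ssh-keycheck.sh tester1@localhost.localdomain tester2@localhost.localdomain
if [ "$#" -gt 0 ]; then
    validate_targets "$@"
    exit $?
fi
```

Run it from cron as the same user that owns the batch jobs, since the check only proves that this user's key is accepted.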
