Server Authentication Guide

TL;DR

This guide shows you how to securely let two servers talk to each other without sharing passwords directly in code. We’ll use SSH keys for authentication – it’s much safer than usernames and passwords.

Steps

1. Generate an SSH Key Pair on Server A

• Log into Server A as a user that will be used for the connection.
• Run this command to create a new key pair:

  ssh-keygen -t rsa -b 4096

  (Press Enter for default file location and passphrase if you want no password protection). This creates two files:

  • id_rsa (the private key – keep this SECRET!)
  • id_rsa.pub (the public key – we’ll share this)

Copy the Public Key to Server B

• There are a few ways to do this. The easiest is often ssh-copy-id if you have password access to Server B:

  ssh-copy-id user@serverB_ip_address

  (You’ll be prompted for the password of ‘user’ on Server B).

• If ssh-copy-id isn’t available, you can manually copy the contents of id_rsa.pub from Server A and append it to the ~/.ssh/authorized_keys file on Server B.
  • On Server A:

    cat ~/.ssh/id_rsa.pub

  • Log into Server B. If the .ssh directory doesn’t exist, create it:

    mkdir -p ~/.ssh

    and set permissions:

    chmod 700 ~/.ssh

    . If the authorized_keys file doesn’t exist, create it:

    touch ~/.ssh/authorized_keys

    and set permissions:

    chmod 600 ~/.ssh/authorized_keys

    .

  • Edit ~/.ssh/authorized_keys on Server B (using a text editor like nano or vim) and paste the public key from Server A onto a new line. Save the file.

Test the Connection

• From Server A, try connecting to Server B using SSH:

  ssh user@serverB_ip_address

  If everything is set up correctly, you should be logged into Server B without being prompted for a password.

Configure Your Application on Server A

• Modify your application to use SSH commands instead of traditional authentication methods (like HTTP Basic Auth). The exact method depends on the programming language and framework you’re using. Most languages have libraries for executing SSH commands.

  Example (Python with Paramiko):

  import paramiko
  
  ssh = paramiko.SSHClient()
  ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
  ssh.connect('serverB_ip_address', username='user', key_filename='/path/to/id_rsa')
  stdin, stdout, stderr = ssh.exec_command('your_command')
  print(stdout.read().decode())
  ssh.close()

Security Considerations

• Private Key Protection: Keep the id_rsa file on Server A extremely secure. Limit access to it using file permissions (e.g., only readable by the user that needs it).
• Passphrase: Consider adding a passphrase to your SSH key for extra security. You’ll need to provide this passphrase when connecting, or use an SSH agent to manage it automatically.
• Disable Password Authentication (Optional): Once you’ve confirmed that SSH key authentication is working reliably, you can disable password authentication on Server B for increased security. Edit the /etc/ssh/sshd_config file and set PasswordAuthentication no. Then restart the SSH service:

  sudo systemctl restart sshd

  . Be *very* careful with this step – make sure key authentication is working first!

• Firewall Rules: Ensure your firewall allows SSH traffic (typically port 22) between Server A and Server B.