TL;DR
This guide shows you how to securely let two servers talk to each other without sharing passwords directly in code. We’ll use SSH keys for authentication – it’s much safer than usernames and passwords.
Steps
- Generate an SSH Key Pair on Server A
- Log into Server A as a user that will be used for the connection.
- Run this command to create a new key pair:
ssh-keygen -t rsa -b 4096(Press Enter for default file location and passphrase if you want no password protection). This creates two files:
- id_rsa (the private key – keep this SECRET!)
- id_rsa.pub (the public key – we’ll share this)
- Copy the Public Key to Server B
- There are a few ways to do this. The easiest is often
ssh-copy-idif you have password access to Server B:ssh-copy-id user@serverB_ip_address(You’ll be prompted for the password of ‘user’ on Server B).
- If
ssh-copy-idisn’t available, you can manually copy the contents ofid_rsa.pubfrom Server A and append it to the~/.ssh/authorized_keysfile on Server B.- On Server A:
cat ~/.ssh/id_rsa.pub - Log into Server B. If the
.sshdirectory doesn’t exist, create it:mkdir -p ~/.sshand set permissions:
chmod 700 ~/.ssh. If the
authorized_keysfile doesn’t exist, create it:touch ~/.ssh/authorized_keysand set permissions:
chmod 600 ~/.ssh/authorized_keys.
- Edit
~/.ssh/authorized_keyson Server B (using a text editor like nano or vim) and paste the public key from Server A onto a new line. Save the file.
- On Server A:
- Test the Connection
- From Server A, try connecting to Server B using SSH:
ssh user@serverB_ip_addressIf everything is set up correctly, you should be logged into Server B without being prompted for a password.
- Configure Your Application on Server A
- Modify your application to use SSH commands instead of traditional authentication methods (like HTTP Basic Auth). The exact method depends on the programming language and framework you’re using. Most languages have libraries for executing SSH commands.
Example (Python with Paramiko):
import paramiko ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect('serverB_ip_address', username='user', key_filename='/path/to/id_rsa') stdin, stdout, stderr = ssh.exec_command('your_command') print(stdout.read().decode()) ssh.close() - Security Considerations
- Private Key Protection: Keep the
id_rsafile on Server A extremely secure. Limit access to it using file permissions (e.g., only readable by the user that needs it). - Passphrase: Consider adding a passphrase to your SSH key for extra security. You’ll need to provide this passphrase when connecting, or use an SSH agent to manage it automatically.
- Disable Password Authentication (Optional): Once you’ve confirmed that SSH key authentication is working reliably, you can disable password authentication on Server B for increased security. Edit the
/etc/ssh/sshd_configfile and setPasswordAuthentication no. Then restart the SSH service:sudo systemctl restart sshd. Be *very* careful with this step – make sure key authentication is working first!
- Firewall Rules: Ensure your firewall allows SSH traffic (typically port 22) between Server A and Server B.