In Red Hat 6 (and I’m sure in 5 as well), public key authentication is enabled by default, but if you’re unsure, you can uncomment the option and verify that it is set to yes.
    [[email protected] ~]# vim /etc/ssh/sshd_config
    [[email protected] ~]# egrep 'PubkeyAuthentication|AuthorizedKeysFile' /etc/ssh/sshd_config
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    [[email protected] ~]# service sshd restart
    Stopping sshd: [ OK ]
    Starting sshd: [ OK ]
Once that is complete, we can go to our client PC, generate keys, and copy the public key over.
    [[email protected] ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    c6:83:f5:86:ad:cf:06:d3:73:f6:22:8f:0a:a7:06:99 [email protected]
    The key's randomart image is:
    +--[ RSA 2048]----+
    | |
    | |
    | . |
    | + + |
    | o. S.+ |
    | E .o+o o |
    | .. oo + . |
    | .+ oo.. . |
    | .. .o+o.. |
    +-----------------+
    [[email protected] ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.1.1
    The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
    RSA key fingerprint is 40:f4:04:4b:68:53:92:55:82:f2:f4:68:db:0a:14:4f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
    [email protected]'s password:
    Now try logging into the machine, with "ssh '192.168.1.1'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.
Once that has completed, we can ssh to 192.168.1.1 (server1) from client1 without a password, authenticating with the private/public key pair instead.
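ssh-copy-id ends by asking you to check .ssh/authorized_keys for keys you weren't expecting. The following is an added example, not part of the original post, of one way to do that review: it parses each entry, reports any options field, the RSA modulus size, and the MD5 colon-hex fingerprint in the form ssh-keygen printed above. The function names, the 2048-bit threshold, the limited set of key types in the pattern, and the sample entries are assumptions of this example; the sample keys are constructed and are not real keys.

```python
import base64, hashlib, re, struct

# Entry layout: [options] keytype base64-blob [comment]; options may hold quoted spaces.
ENTRY = re.compile(r'^(?:(?P<options>(?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+)?'
                   r'(?P<type>ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+(?P<b64>\S+)\s*(?P<comment>.*)$')

def field(buf, off):
    # Read one length-prefixed field of the SSH wire format: (bytes, next offset).
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def audit_entry(line):
    # None for blank/comment lines, otherwise a dict describing the key and its problems.
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = ENTRY.match(line)
    if not m:
        return {"problems": ["not a recognisable key entry"]}
    info = {"options": m["options"] or "", "type": m["type"], "comment": m["comment"], "problems": []}
    try:
        blob = base64.b64decode(m["b64"], validate=True)
        inner, off = field(blob, 0)
        if inner.decode("ascii", "replace") != m["type"]:
            info["problems"].append("declared type does not match key blob")
        if m["type"] == "ssh-rsa":
            _e, off = field(blob, off)  # skip the public exponent
            info["bits"] = int.from_bytes(field(blob, off)[0], "big").bit_length()
            if info["bits"] < 2048:  # threshold is an assumption of this example
                info["problems"].append("RSA modulus shorter than 2048 bits")
        # MD5 colon-hex fingerprint, the form ssh-keygen printed in the session above.
        info["md5"] = ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    except (ValueError, struct.error):
        info["problems"].append("unparseable key blob")
    return info

def sample_line(bits, prefix, comment):
    # Constructed stand-in: correct wire format, but the modulus is not a real RSA key.
    pack = lambda b: struct.pack(">I", len(b)) + b
    n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(n)
    return f"{prefix}ssh-rsa {base64.b64encode(blob).decode()} {comment}"

SAMPLE = [sample_line(2048, "", "root@client1"),  # constructed entries
          sample_line(1024, 'command="/bin/true x",no-pty ', "old-batch-key"),
          "ssh-rsa AAAA*not*base64 broken"]

if __name__ == "__main__":
    print(*map(audit_entry, SAMPLE), sep="\n")
```

On the server, pass it the lines of the account's .ssh/authorized_keys and compare each `md5` value with the fingerprint ssh-keygen printed on the client when the key was generated.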
Now, let’s configure ntp.
    [[email protected] ~]# date
    Sun Oct 28 04:32:13 CDT 2012
    [[email protected] ~]# yum -y install ntp
    [[email protected] ~]# grep server /etc/ntp.conf
    # Use public servers from the pool.ntp.org project.
    server 0.centos.pool.ntp.org
    server 1.centos.pool.ntp.org
    server 2.centos.pool.ntp.org
    #broadcast 192.168.1.255 autokey # broadcast server
    #broadcast 184.108.40.206 autokey # multicast server
    #manycastserver 220.127.116.11 # manycast server
    #server 127.127.1.0 # local clock
    [[email protected] ~]# ntpdate 0.centos.pool.ntp.org
    27 Oct 23:33:34 ntpdate: step time server 18.104.22.168 offset -17998.779036 sec
    [[email protected] ~]# date
    Sat Oct 27 23:33:37 CDT 2012
    [[email protected] ~]# service ntpd start
    Starting ntpd: [ OK ]
    [[email protected] ~]# ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     mirror          22.214.171.124   2 u    8   64    1   48.895    1.225   0.000
     126.96.36.199   188.8.131.52     2 u    7   64    1   54.330    0.806   0.000
     ntp1.Housing.Be 184.108.40.206   2 u    6   64    1   51.920   -6.134   0.000
If you want to use other peers, you can modify the ‘server’ directive in /etc/ntp.conf. Be sure to use ‘chkconfig’ to make ntpd persistent across reboots.