Passwordless SSH Logins

From NeilDocs

Quick Version

[user@local ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):    //Just hit Enter for our purposes or provide a different path
Enter passphrase (empty for no passphrase):                      //This is a passwordless setup, just hit Enter
Enter same passphrase again:                                     //hit Enter again
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 user@local

[user@local ~]# ls .ssh/          //hit Enter
id_rsa  id_rsa.pub

[user@local ~]# scp .ssh/id_rsa.pub user@remoteserver.com:~/.ssh/authorized_keys2

[user@local ~]# ssh user@remoteserver.com

[user@remoteserver ~]$ chmod 600 .ssh/authorized_keys2

Introduction

Logging into a remote Linux server is a simple thing, provided you are a user of that system and can remember your password. What if you log in to that system 15 times a day for various tasks and don't want to just leave an open connection taking up processing cycles and desktop space? I guess Apple's answer to this is Spaces, but we all know what those are, and there is yet a better way. Enter passwordless ssh connections.

There are many instances in which you want to make logging into a remote Linux or other server a mindless effort. Who wants to deal with passwords on a system that you either log in to frequently or have automated scripts logging into?

I have created this tutorial for my own purposes as I cannot always remember how to do it, but if you find it useful that's cool too.

So let's begin

Generating Keys

Passwordless logins depend on a pair of keys that can be generated from your local machine. These "keys" are not actual metal keys, but virtual, text-based keys that are made of a long series of characters that at first glance seem nonsensical. Of course subsequent glances also reveal them to continue to be nonsensical. So how do I generate these keys and what are they, you may ask. Good question.

Start by typing

[user@local ~]# ssh-keygen -t rsa

To which you are presented with:

[user@local ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):    //Just hit Enter for our purposes or provide a different path
Enter passphrase (empty for no passphrase):                      //This is a passwordless setup, just hit Enter
Enter same passphrase again:                                     //hit Enter again
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 user@local

Man, that was difficult, wasn't it? You could take a break here if you wanted. If not, let's move ahead. There are a few things to discuss. One is the choice of using ssh-keygen -t rsa versus using ssh-keygen -t dsa.

RSA was implemented in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman at MIT.... BORING!! Read up on RSA and DSA for yourself so that you know what you are choosing, but both are considered very secure.

The next thing is the passphrase. The obvious question one would ask is: if I already know my password, why do I need to specify another one in the form of a passphrase? Well, for our purposes we don't specify one so that we have a truly passwordless login, but what if you still want a password, but don't want to have to remember different ones for each of the many servers you log in to each day? That is what this option is for. You can create a key pair with your own passphrase that meets your requirements and use it on many systems without the hassle of dealing with password restrictions implemented by the local sysadmin. You will still need to remember the password required for that server, but you won't need to use it all the time.

Ok, so now that we have that stuff out of the way, we are left with two files on our system located in /home/user/.ssh/. If we now type:

[user@local ~]# ls .ssh/          //hit Enter
id_rsa  id_rsa.pub

Using our keys

So how do we inform the servers we use that we have these keys and actually log in without a password? Well, we need to copy this information to those servers somehow.

These two files are different and you want to be sure to copy the correct one. One file is simply id_rsa, whereas the other is id_rsa.pub; the pub on the end stands for public. We are free to give this public key to, well, the public. The public being these different servers. So to do that we simply type:

[user@local ~]# scp .ssh/id_rsa.pub user@remoteserver.com:~/.ssh/authorized_keys2

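You will be presented with a prompt for a password this time, but it is soon to be the last time. (This scp replaces any authorized_keys2 file already on the server, so any keys installed there earlier are lost.) In fact, if you now type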

[user@local ~]# ssh user@remoteserver.com

You should be able to just log in without any prompt for a password.

But there is one last thing we should do, and that is change the permissions on the public key file on the remote server.

[user@remoteserver ~]$ chmod 600 .ssh/authorized_keys2

That's it, you're done.
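
The copy and chmod steps above, collected into a server-side helper that appends the key instead of overwriting the file, refuses the private half of the pair, and sets the permissions sshd expects. This is an added example, not code from the original page; it goes a little beyond the tutorial by accepting an optional authorized_keys options prefix, and the function name add_authorized_key and the use of OpenSSH's restrict keyword in the usage comment are assumptions.

```shell
#!/bin/sh
# add_authorized_key PUBKEY_FILE SSH_DIR [OPTIONS]   (hypothetical helper)
# Run on the server with SSH_DIR="$HOME/.ssh", e.g.
#   add_authorized_key id_rsa.pub "$HOME/.ssh" 'restrict'
add_authorized_key() {
    pub=$1; sshdir=$2; opts=${3:-}
    auth="$sshdir/authorized_keys2"    # file name used on this page

    # Refuse the private half of the pair: id_rsa must stay on the client.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi

    # A public key line is "<type> <base64-blob> [comment]".
    line=$(awk 'NF >= 2 { print; exit }' "$pub")
    keyblob=$(printf '%s\n' "$line" | awk '{ print $1 " " $2 }')
    case $keyblob in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd's StrictModes check rejects a directory or key file that is
    # writable by group or others, so lock both down first.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already installed (with or without options in front)? Then do nothing.
    if awk -v k="$keyblob" '
        { for (i = 1; i < NF; i++) if ($i " " $(i + 1) == k) found = 1 }
        END { exit !found }' "$auth"; then
        return 0
    fi

    # Append rather than overwrite, so existing keys survive.
    if [ -n "$opts" ]; then
        line="$opts $line"
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

For a key with no passphrase that an automated script uses, an options prefix such as restrict limits what a stolen copy of id_rsa can do on the server.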
