Using SSH login without password
This is a simple article that provides the necessary steps to allow ssh login without the need of entering the users password
serverAgenerate a pair of authentication keys:
user@serverA$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/usera/.ssh/id_rsa): <Enter> Created directory '/home/usera/.ssh'. Enter passphrase (empty for no passphrase): <Enter> Enter same passphrase again: <Enter> Your identification has been saved in /home/usera/.ssh/id_rsa. Your public key has been saved in /home/usera/.ssh/id_rsa.pub. The key fingerprint is: a1:b2:c3:d4:e5:f6:7a:8b:9c:0d:1e:2f:a3:b4:c5:d6 usera@serverA The key's randomart image is:do not enter a passphrase, To generate an SSH1 RSA or SSH2 DSA key pair, specify the
- use ssh to create a directory
~/.sshon serverB and append
userassh public key
usera@serverB:.ssh/authorized_keysand enter the users password one last time:
usera@serverA$ ssh usera@serverB mkdir -p .ssh usera@serverA$ cat .ssh/id_rsa.pub | ssh usera@serverB 'cat >> .ssh/authorized_keys'
An alternative on some Linux systems, is to use the
ssh-copy-idscript to append the public key in the local
~/.ssh/id_rsa.pubfile to the
~/.ssh/authorized_keysfile on the remote system, for example:
usera@serverA$ ssh-copy-id usera@serverB usera@serverB's password: remote_password Now try logging into the machine, with "ssh 'usera@serverB'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
When prompted, enter your password for the remote system.
The script also changes the permissions of
~/.ssh/authorized_keyson the remote system to disallow access by your group.
- Now it's a simple as:
usera@serverA$ ssh usera@serverB usera@serverB$
- Verify that the permissions on the remote
~/.ssh/authorized_keysfile allow access only by you:
usera@serverA$ ssh usera@serverB ls -al .ssh total 4 drwx------+ 2 usera mygrp 5 Feb 10 15:47 . drwxr-xr-x+ 3 usera mygrp 9 Feb 10 15:48 .. -rw-------+ 1 usera mygrp 397 Feb 10 15:48 authorized_keys
NOTE: On some systems you need to place the public key in the file