Using SSH login without password
This is a simple article that provides the necessary steps to allow ssh login without the need of entering the users password
- on
serverA
generate a pair of authentication keys:user@serverA$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/usera/.ssh/id_rsa): <Enter> Created directory '/home/usera/.ssh'. Enter passphrase (empty for no passphrase): <Enter> Enter same passphrase again: <Enter> Your identification has been saved in /home/usera/.ssh/id_rsa. Your public key has been saved in /home/usera/.ssh/id_rsa.pub. The key fingerprint is: a1:b2:c3:d4:e5:f6:7a:8b:9c:0d:1e:2f:a3:b4:c5:d6 usera@serverA The key's randomart image is:
do not enter a passphrase, To generate an SSH1 RSA or SSH2 DSA key pair, specify the-t rsa1
or-t dsa
options. - use ssh to create a directory
~/.ssh
on serverB and appendusera
ssh public keyusera@serverB:.ssh/authorized_keys
and enter the users password one last time:usera@serverA$ ssh usera@serverB mkdir -p .ssh usera@serverA$ cat .ssh/id_rsa.pub | ssh usera@serverB 'cat >> .ssh/authorized_keys'
An alternative on some Linux systems, is to use the
ssh-copy-id
script to append the public key in the local~/.ssh/id_rsa.pub
file to the~/.ssh/authorized_keys
file on the remote system, for example:usera@serverA$ ssh-copy-id usera@serverB usera@serverB's password: remote_password Now try logging into the machine, with "ssh 'usera@serverB'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
When prompted, enter your password for the remote system.
The script also changes the permissions of
~/.ssh
and~/.ssh/authorized_keys
on the remote system to disallow access by your group. - Now it's a simple as:
usera@serverA$ ssh usera@serverB usera@serverB$
- Verify that the permissions on the remote
~/.ssh
directory and~/.ssh/authorized_keys
file allow access only by you:usera@serverA$ ssh usera@serverB ls -al .ssh total 4 drwx------+ 2 usera mygrp 5 Feb 10 15:47 . drwxr-xr-x+ 3 usera mygrp 9 Feb 10 15:48 .. -rw-------+ 1 usera mygrp 397 Feb 10 15:48 authorized_keys
NOTE: On some systems you need to place the public key in the file .ssh/authorized_keys2