password-less ssh logins

Posted: June 8, 2007 in next to nothing

logins can be such a hassle when you have a lot of servers to maintain. unless you have a photographic memory, you probably have to keep opening that secret file where you keep your passwords.

the key to password-less ssh logins is a pair of private and public keys, and setting this up is very easy. all you need is the ssh-keygen tool. most of the time this tool comes installed with your favorite Linux distro.

1.) generate the key
ssh-keygen -t TYPE -f OUTPUT_FILE

the options shown above are the most basic. TYPE is the type of key to generate, such as RSA or DSA. OUTPUT_FILE is arbitrary, so you can name the key as you please.

here’s an example:
ssh-keygen -t rsa -f ~/.ssh/my_key

the above command will generate 2 files, my_key and my_key.pub. my_key is the private key, while the other with a .pub extension is the public key. you should save the private key in a secure place that is only readable by your user. since this is your own private key, it is a good habit to put it in the directory ~/.ssh or /home/USERNAME/.ssh/ , where USERNAME is your username. you can always tell ssh to look in another place by editing the config file, which we will do later.

it will also ask you for a passphrase for this particular key. you can either enter one or just hit enter for none. it is not usually required. but the point here is that you can have the same passphrase for different remote hosts, since you would only need one key for all of them. but then again it is always up to you and how paranoid you are! 😛

2.) copy the public key to the remote host
you can copy the public key file any way you want. i would suggest that you copy it via a secure protocol like sftp or scp. on the command line i prefer using scp when copying or writing between remote hosts. so continuing from the example above, i would do it like this:

scp ~/.ssh/my_key.pub root@my_domain.org:.ssh

the first parameter to the command scp is the full path to my public key file – ~/.ssh/my_key.pub. after it is the host where you want to upload the public key, followed by a colon and then the path to the directory where you want it copied.

in the example above i am copying my public key as root to my_domain.org, into the .ssh directory under root's home directory.

3.) append the public key to the authorized_keys file on the remote host

ssh to that host where you copied your public key. then cd to .ssh, or wherever you placed it. in this example i placed it in the .ssh directory of root.

cat my_key.pub >> authorized_keys2

this means that you are appending my_key.pub to the file authorized_keys2. the latter file is the file checked by the ssh protocol version 2.

4.) edit the ssh_config file
on your local host, edit (as root) the file /etc/ssh/ssh_config. add the following line:

IdentityFile ~/.ssh/my_key

this tells ssh where to look for your private key so it can match it whenever you attempt to connect to a remote host. you don’t need to tell ssh that you have a key somewhere. it will do that for you. by default it will attempt to look for private/public keys between your local host and the remote host. only if it doesn’t find any will it ask you for the password.

after you’ve done these steps test it out. repeat the same steps on another remote host but skip step 1. now you can connect to your remote hosts without a password! yehey!
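
an added example, not part of the original post: step 3 as a script that can be run more than once without duplicating the key, plus a check for the "only readable by your user" rule from step 1. the function names and the sample key line are made up for illustration; the file name is passed in as an argument because the server's AuthorizedKeysFile setting in sshd_config decides which file sshd actually reads.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# private_ok FILE: true only for a regular file with no group/other permission
# bits, i.e. "only readable by your user" (mode 600 or 400).
private_ok() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_pubkey PUBFILE SSHDIR AUTHNAME: step 3, safe to run more than once.
install_pubkey() {
    pub=$1; dir=$2; auth=$2/$3
    # A public key file holds exactly one line. A private key (my_key instead
    # of my_key.pub) has many lines and is rejected here.
    [ "$(grep -c . "$pub" 2>/dev/null)" -eq 1 ] || { echo "not a single key: $pub" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-*|ecdsa-*) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the last line has no newline, add one so two keys never share a line.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # -x whole line, -F literal string: append only when the key is missing.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed me@localhost' > "$demo/my_key.pub"
install_pubkey "$demo/my_key.pub" "$demo/.ssh" authorized_keys2
install_pubkey "$demo/my_key.pub" "$demo/.ssh" authorized_keys2
echo "entries: $(grep -c . "$demo/.ssh/authorized_keys2")"
private_ok "$demo/.ssh/authorized_keys2" && echo "permissions ok"
rm -rf "$demo"
```

on the remote host you would call install_pubkey with the uploaded my_key.pub, the account's .ssh directory and the file name from step 3. private_ok can also be pointed at the private key on your local host.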
