Logging In Via SSH Without A Password
Quite often, you want to ssh into a remote server without having to enter a password. I use this mostly for scripts that I want to run non-interactively, like the rdiff-backup script I use for backing up my home computer to a remote server. SSH allows you to do this in a relatively secure way using public key authentication.
The first thing you’ll need is a working ssh server that you want to access, and an ssh client on the computer you want to access it from. ssh is such a common tool in linux, that the client should come pre-installed on your distribution. I’m assuming that you’re looking for answers on this topic because you already have an ssh server you want passwordless access to, so I’m not going to go into detail on setting up an ssh server – although I will cover setting up an existing ssh server for passwordless login.
setting up the server for passwordless login
You will need to make sure that the server will accept passwordless logins. This means you have to enable public key authentication on the server. To do this, open up /etc/ssh/sshd_config in a text editor (I would suggest nano or kate). Then make sure that the following two lines are uncommented, or if not there, add them in. To uncomment the line, remove the ‘#’ from the beginning of the line:
RSAAuthentication yes
PubkeyAuthentication yes
You will need to restart the ssh server. Do this with:
Finally make sure that permissions are right on the server. If there’s no ~/.ssh directory, make one:
Once you’ve got a ~/.ssh directory, change the permissions using:
that should be enough to setup the server side of things.
setting up the client side of the equation
First you’ll need to setup a keypair. If you already have the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, you should be good to go. If not, then you need to add them. Use the following command:
You will then be asked some questions. Simply hit “Enter” to answer them all:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/skx/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/skx/.ssh/id_rsa.
Your public key has been saved in /home/skx/.ssh/id_rsa.pub.
Answering without putting in a password means that the keys can be unlocked without a password, which is the whole point of “passwordless” login. Now we can do a little magic. Previously when setting up passwordless logins with ssh, I’ve gone through a dance of copying keys from the local computer to the remote computer. However, now I’ve found a new programme that does all this automagically. So, type this into a terminal:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host
Obviously you will need to replace “username” with the user you want to login as on the remote computer, and “remote_host” with the ip/hostname of the ssh server. This command will ask you for a password – don’t be alarmed; this sets up the passwordless-ness, so needs a password to do it. Once you’ve done this, you should be good to go. Try logging into the remote server, and you should be password free.
about 1 year ago
Thank you very much!!!! This has been so clear and sooooo easy!!!!
about 1 year ago
Awsome article… Helped me a lot … Simple..
Suggestion: When we try to add the key there may be an error ” Host key verification failed.”
Please also give suggestion to delete the corresponding line if the error persists.
about 1 year ago
Suggestion: When we try to add the key there may be an error ” Host key verification failed.”
+1
about 1 year ago
Is this method secure enough for a production environment? It would seem that some would want the added security of forcing a password for authentication. Plus it helps one remember their password, if they are using it to login often. I typically change the ssh port for added security.
about 1 year ago
I wouldn’t use it in a production environment. I use it on my home network for convenience. There is always a trade-off between security and convenience – you’ll have to make your own assessment of where you are comfortable on that continuum.
about 1 year ago
Also mention the need for both the users (local and remote) to have a home directory setup. What are the required settings related to this?
about 1 year ago
I’m not sure what you mean.
about 1 year ago
To get ssh-copy-id on Mac, look here:
http://thesystemisntdown.blogspot.com/2010/03/ssh-copy-id-on-os-x.html#comment-form
about 1 year ago
ssh-keygen -t dsa -f ~/.ssh/airtonix.edge.local -C “airtonix@edge.local” && cat ~/.ssh/airtonix.edge.local.pub | ssh airtonix@edge.local ‘cat – >> ~/.ssh/authorized_keys’
orzin.local is the client
edge.local is the server.
this doesn’t work.
however from the servers point of view :
ssh-keygen -t dsa -f ~/.ssh/airtonix.orzin.local.id_dsa -C “airtonix@orzin.local” && cat ~/.ssh/airtonix.orzin.local.id_dsa.pub | ssh airtonix@orzin.local ‘cat – >> ~/.ssh/authorized_keys’
Does work.
so in summary, I can passwordless login from edge to orzin, but not from orzin to edge.
any ideas
about 1 year ago
about 1 year ago
very clear, thanks.
itconsult.hk/blog
about 1 year ago
Hi,
Awesome article..
The above procedure helps you to login from master node (say) to slave node (say). To do passwordless login from slave node to master, create a keypair in master node also and copy that in slave node.
In the entire process it would be better to chande the permission of the file id_rsa.pub to 600.
I had tried in my system and is working fine..
Thanx.