Password-less SSH Login
Filed under linux
I manage several linux server to which I must login on a daily basis using SSH. Each server has different credentials.
Not only do I use SSH, but I often use SCP (secure copy) to copy files from one server to another. Both commands require a password.
There is a way, however, to create a unique key pair so that you can login to a remote server without having to enter a password.
SSH Without a Password
The steps are simple and straightforward.
1. On the client run the following commands:
$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ”
NOTE: Those are a pair of single quotes after the -P, which will set an empty password.
This will create two keys, a private key and a public key, the .ssh folder.
2. Copy $HOME/.ssh/id_dsa.pub to the remote server.
3. Log in to the remote server and run the following commands:
$ cat id_dsa.pub >> .ssh/authorized_keys
$ chmod 0600 .ssh/authorized_keys
That’s it! You can log out of the remote server then log in using SSH and will not be prompted for a password.
scott@blackjack:~$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ”
Generating public/private dsa key pair.
Your identification has been saved in /home/scott/.ssh/id_dsa.
Your public key has been saved in /home/scott/.ssh/id_dsa.pub.
The key fingerprint is:
a5:3c:b6:e9:13:85:62:34:ee:6f:56:47:46:6f:dd:8b scott@blackjack
The key’s randomart image is:
+–[ DSA 1024]—-+
| |
| o . |
| o . … . ..|
| +..o. o o o|
| o .S. o .. .|
| …+. .E . |
| .oo . |
| .= |
| o.. |
+—————–+
scott@blackjack:~$ cd .ssh
scott@blackjack:~/.ssh$ ll
total 24
drwx—— 2 scott scott 4096 2010-08-17 09:01 ./
drwxr-xr-x 55 scott scott 4096 2010-08-17 08:58 ../
-rw——- 1 scott scott 668 2010-08-17 09:01 id_dsa
-rw-r–r– 1 scott scott 605 2010-08-17 09:01 id_dsa.pub
-rw-r–r– 1 scott scott 4714 2010-06-25 14:55 known_hosts
scott@blackjack:~/.ssh$ scp id_dsa.pub sstanger@midnight:/home/sstanger/
sstanger@midnight’s password:
id_dsa.pub 100% 605 0.6KB/s 00:00
scott@blackjack:~/.ssh$ ssh sstanger@midnight
sstanger@midnight’s password:
[sstanger@midnight ~]$ cat id_dsa.pub >> .ssh/authorized_keys
[sstanger@midnight ~]$ chmod 0600 .ssh/authorized_keys
[sstanger@midnight ~]$ exit
Connection to midnight closed.
scott@blackjack:~/.ssh$ cd
scott@blackjack:~$
scott@blackjack:~$ ssh sstanger@midnight
[sstanger@midnight ~]$
NOTE: On some systems the ssh policies may not allow this. If this is the case then you can make this change on the remote host:
[sstanger@midnight ~]$ mv .ssh/authorized_keys .ssh/authorized_keys2
[sstanger@midnight ~]$ chmod 700 .ssh
[sstanger@midnight ~]$ chmod 640 .ssh/authorized_keys2
Share This
Aug17
With a passion for PHP development, I provide freelance resources for both front end and back end PHP/MySQL projects.