208.319.9835

Boise, Idaho
Or Remote

Password-less SSH Login

I manage several linux server to which I must login on a daily basis using SSH. Each server has different credentials.

Not only do I use SSH, but I often use SCP (secure copy) to copy files from one server to another. Both commands require a password.

There is a way, however, to create a unique key pair so that you can login to a remote server without having to enter a password.

SSH Without a Password

The steps are simple and straightforward.

1. On the client run the following commands:

$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''
$

NOTE: Those are a pair of single quotes after the -P, which will set an empty password.
This will create two keys, a private key and a public key, the .ssh folder.

2. Copy $HOME/.ssh/id_dsa.pub to the remote server.

3. Log in to the remote server and run the following commands:

$ cat id_dsa.pub >> .ssh/authorized_keys
$ chmod 0600 .ssh/authorized_keys
$

That’s it! You can log out of the remote server then log in using SSH and will not be prompted for a password.

scott@blackjack:~$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''
Generating public/private dsa key pair.
Your identification has been saved in /home/scott/.ssh/id_dsa.
Your public key has been saved in /home/scott/.ssh/id_dsa.pub.
The key fingerprint is:
a5:3c:b6:e9:13:85:62:34:ee:6f:56:47:46:6f:dd:8b scott@blackjack
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|      o     .    |
|     o . ... . ..|
|      +..o. o o o|
|     o .S. o .. .|
|      ...+. .E . |
|       .oo .     |
|       .=        |
|       o..       |
+-----------------+
scott@blackjack:~$ cd .ssh
scott@blackjack:~/.ssh$ ll
total 24
drwx------  2 scott scott 4096 2010-08-17 09:01 ./
drwxr-xr-x 55 scott scott 4096 2010-08-17 08:58 ../
-rw-------  1 scott scott  668 2010-08-17 09:01 id_dsa
-rw-r--r--  1 scott scott  605 2010-08-17 09:01 id_dsa.pub
-rw-r--r--  1 scott scott 4714 2010-06-25 14:55 known_hosts
scott@blackjack:~/.ssh$ scp id_dsa.pub sstanger@midnight:/home/sstanger/
sstanger@midnight's password:
id_dsa.pub                                                                                                      100%  605     0.6KB/s   00:00
scott@blackjack:~/.ssh$ ssh sstanger@midnight
sstanger@midnight's password:
[sstanger@midnight ~]$ cat id_dsa.pub >> .ssh/authorized_keys
[sstanger@midnight ~]$ chmod 0600 .ssh/authorized_keys
[sstanger@midnight ~]$ exit
Connection to midnight closed.
scott@blackjack:~/.ssh$ cd
scott@blackjack:~$
scott@blackjack:~$ ssh sstanger@midnight
[sstanger@midnight ~]$

NOTE: On some systems the ssh policies may not allow this. If this is the case then you can make this change on the remote host:

[sstanger@midnight ~]$ mv .ssh/authorized_keys .ssh/authorized_keys2
[sstanger@midnight ~]$ chmod 700 .ssh
[sstanger@midnight ~]$ chmod 640 .ssh/authorized_keys2
[sstanger@midnight ~]$

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>