Monday, July 9, 2007

passwordless ssh howto

Suppose you find it more convenient and hassle-free to ssh into your server box without being asked for a password. Below is a detailed walk-through of setting up a passwordless ssh connection.

We need 2 Linux boxes here, referred to as the remote box and the local box. Our objective is a passwordless ssh connection from your local box into your remote box.

Let us start from the local box.

First, we need to generate a 1024-bit rsa key. We are going to use rsa key pairs here instead of dsa ones. We won't be using dsa unless rsa is not working. Simply issue this command as root:

# ssh-keygen -t rsa -b 1024

By default, the output files of this command are

/root/.ssh/id_rsa
/root/.ssh/id_rsa.pub

You will be asked interactively whether to overwrite these files if they already exist. Additionally, we are not going to enter any passphrase for now; that means hitting the enter key 2 times when asked, as things still work without the passphrase.

Below is a sample CLI screen that you'll see during the creation of the 1024-bit rsa key pair.

[root@ver .ssh]# ssh-keygen -t rsa -b 1024
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0c:33:54:c4:47:4f:35:db:31:57:63:5b:a4:77:f2:43 root@yourdomain.com

I have not entered any passphrase, as you can see.

Now, still from the local box, establish an ssh connection into your remote box. By default, this ssh connection drops you into your home directory, normally /home/yourusername. From there, NOT as root, create the .ssh folder like so:

[yourusername@yourhost ~]$ mkdir .ssh

After that, type exit to close the current ssh session with the remote box.

Back on your local box, let us transfer the rsa public key file /root/.ssh/id_rsa.pub into the .ssh folder we've just created on the remote box, like so:

AS ROOT FROM LOCAL BOX:
# cd /root/.ssh
# scp -C id_rsa.pub yourusername@yourremoteboxip:~yourusername/.ssh/authorized_keys

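This transfers the file /root/.ssh/id_rsa.pub to the remote box over ssh and saves it as authorized_keys. The file is dropped into your home folder, owned by your own user account. Note that scp replaces any authorized_keys file that is already there.

The easiest way to do it is by using ssh-copy-id, which appends the key to authorized_keys instead of replacing the file: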

# ssh-copy-id -i /root/scripts/id_rsa.pub your-username@yourdomainname.com


AS YOUR NORMAL USER ACCOUNT FROM REMOTE BOX DO:

# cd ~yourusername/.ssh
# chmod 600 authorized_keys
# chown yourusername:yourusername authorized_keys

Finally, close all your ssh connections and now try a passwordless ssh into your remote box.

...works like magic!
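
If the remote box still asks for a password, the usual cause is the ownership or mode of the home folder, .ssh or authorized_keys, which sshd checks when StrictModes is on (the default). The script below is an added example, not part of the original howto; the function name check_ssh_perms and the script file name are made up for illustration, and it only reads permissions, changing nothing.

```sh
#!/bin/sh
# Added example (not from the original post): audit the ownership and modes
# that sshd's StrictModes check looks at before it trusts authorized_keys.
# Usage: check_ssh_perms USER HOME_DIR   (both are supplied by the caller)
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_ssh_perms() {
    user=$1
    home=$2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"
            rc=1
            continue
        fi
        # Group- or world-writable paths make sshd ignore the key file.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "TOO OPEN: $p is group- or world-writable"
            rc=1
        fi
        # Each path must belong to the login user or to root (uid 0).
        if [ -n "$(find "$p" -prune ! -user "$user" ! -user 0)" ]; then
            echo "WRONG OWNER: $p"
            rc=1
        fi
    done
    return "$rc"
}

# Run directly as: sh check_ssh_perms.sh yourusername /home/yourusername
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it on the remote box as the account you log in to; any line it prints names a path to fix with chmod or chown before retrying the login.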
