Passwordless ssh
Posted by squirreling on June 11, 2008
http://linuxproblem.org/art_9.html
SSH login without password
Your aim
You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host local / user me to host remote / user metoo. You don’t want to enter any passwords, because you want to call ssh from within a shell script.
How to do it
First log in on local as user me and generate a pair of authentication keys. Do not enter a passphrase:
me@local:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_rsa):
Created directory '/home/me/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/me/.ssh/id_rsa.
Your public key has been saved in /home/me/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 me@local
me@local:~> chmod 600 /home/me/.ssh/id_rsa
Now use ssh to create a directory ~/.ssh as user metoo on remote. (The directory may already exist, which is fine):
me@local:~> ssh metoo@remote 'mkdir -p .ssh && chmod 700 .ssh'
metoo@remote's password:
Finally append me’s new public key to metoo@remote:.ssh/authorized_keys and enter metoo’s password one last time:
me@local:~> cat .ssh/id_rsa.pub | ssh metoo@remote 'cat >> .ssh/authorized_keys'
metoo@remote's password:
me@local:~> ssh metoo@remote chmod 644 .ssh/authorized_keys
metoo@remote's password:
From now on you can log into remote as metoo from local as me without password:
me@local:~> ssh metoo@remote hostname
remote
Keywords: ssh openssh password
Author: Mathias Kettner
* Edited by me to change the users/hosts to me@local and metoo@remote
* Edited so that files have correct permissions. The .ssh directory should be 700, the .ssh/id_rsa should be 600, and the .ssh/authorized_keys file should be 644. Added troubleshooting section. Thanks to this thread for help setting up passwordless ssh on Fedora.
Troubleshooting:
- On the remote machine, kill sshd (try 'sudo /etc/init.d/sshd stop' or 'sudo pkill sshd')
- Run sshd on the remote machine with 'sshd -dd -e' to view verbose output
- Open a new terminal on the local machine and try to log in to the remote ('ssh -v metoo@remote')
- Look for any error messages in the output. Fix them, then restart sshd ('sudo /etc/init.d/sshd start').
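Before going through the sshd debug output, the permissions listed in the edit note above (700, 600, 644) can be checked on each host with a small script. This is an added example, not part of the original article; the function names are hypothetical, and it assumes the page's modes are upper bounds, so a stricter mode also passes.

```shell
#!/bin/sh
# Added example: audit the modes this page prescribes for key-based login.

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode PATH MAX: succeed if PATH has no permission bit outside MAX.
check_mode() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 1; }
    actual=$(mode_of "$1") || return 1
    # Octal arithmetic: any bit set in actual but not in MAX is a finding.
    if [ $(( 0$actual & ~0$2 & 0777 )) -ne 0 ]; then
        echo "TOO OPEN $1 is $actual, expected at most $2"
        return 1
    fi
    echo "ok       $1 ($actual)"
}

# audit_ssh_dir DIR: DIR stands for a user's ~/.ssh directory.
# A file that is absent on this side of the connection is skipped
# (id_rsa lives on local, authorized_keys on remote).
audit_ssh_dir() {
    rc=0
    check_mode "$1" 700 || rc=1
    [ ! -e "$1/id_rsa" ] || check_mode "$1/id_rsa" 600 || rc=1
    [ ! -e "$1/authorized_keys" ] || check_mode "$1/authorized_keys" 644 || rc=1
    return $rc
}

# Usage (as me on local, and as metoo on remote):
#   audit_ssh_dir "$HOME/.ssh"
```

The function returns non-zero if any path is more permissive than the page's mode, so it can gate a setup script.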