Passwordless ssh

Intro

Passwordless logins over ssh are both practical and secure.

This is how to set it up.

 

Assumptions

You're have an account on a local client with which you're ssh'ing to a server running the ss-daemon on port 2222.

You also already have an account on the remote server.  

 

Guide

Login to your account on the local client and open a terminal.

Enter the following.

$ ssh-keygen 
Generating public/private rsa key pair. 
Enter file in which to save the key (/home/test/.ssh/id_rsa): [Accept the default path by pressing Escape] 
Created directory '/home/test/.ssh'. 
Enter passphrase (empty for no passphrase): [Press Enter] 
Enter same passphrase again: [Press Enter] 
Your identification has been saved in /home/test/.ssh/id_rsa. 
Your public key has been saved in /home/test/.ssh/id_rsa.pub. 
The key fingerprint is: 
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:XX test@cyndane2 
The key's randomart image is: 
+--[ RSA 2048]----+ 
| | 
| | 
| T . | 
| o Yo + | 
| E @ * S + | 
| o o + . = | 
| + .p. | 
| . .x| 
| e. | 
+-----------------+  

 

Now we have the ssh keypairs! We need to authorize them. This is done like so.

$ cd ~/.ssh 
$ cat id_rsa.pub >> authorized_keys 
$ cat id_rsa.pub >> authorized_keys2

 

For safety, check the permissions on the .ssh folder as well as the files therein.

$ chmod -v 700 ~/.ssh 
$ chmod -v 644 ~/.ssh/* 
$ chmod -v 600 ~/.ssh/id_rsa

 

Also see Troubleshooting ssh "Unspecified GSS failure" regarding the permissions. Wrong permissions on the keys can create a common problem.  

 

Now it's time to distribute your public key to the remote server.

$ cd ~/.ssh 
$ ssh-copy-id -p 2222 "-i id_rsa.pub root@cyndane2" 
The authenticity of host '[cyndane2]:2222 ([::1]:2222)' can't be established. 
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:XX. 
Are you sure you want to continue connecting (yes/no)? yes 
Warning: Permanently added '[cyndane2]:2222' (RSA) to the list of known hosts. 
root@cyndane2's password: [Enter your root account password here!] 
Now try logging into the machine, with "ssh '-p 2222 root@cyndane2'", and check in: 
.ssh/authorized_keys 
to make sure we haven't added extra keys that you weren't expecting.  

 

Now the tricky thing is that the -p flag isn't at the same place for ssh as for ssh-copy-id, so try this instead of just copy'n'pasting.

$ ssh root@cyndane2 -p 2222 
Last login: Thu Nov 8 14:47:32 2018 from cyndane2 
root@cyndane2:~ #  

 

Aaaand were in!

Repeat the ssh-copy-id procedure as needed to all your remote servers.

The ssh-keygen procedure is only done once though!    

 

Sources

From all over the interwebs!        

Hits: 875

Related articles

Popular tags

linux 120 CentOS 48 Windows 34 Ubuntu 31 Kubuntu 17 notes 15 ssh 14 virtualbox 12 vbox 11 CLI 10 server 9 vbix 9 Debian 8 delete 8 backuppc 7

Stop Spam Harvesters, Join Project Honey Pot

  

Get a free SSL certificate!

  

The leading nonprofit defending digital privacy, free speech, and innovation.

  

The Linux Foundation provides a neutral, trusted hub for developers and organizations to code, manage, and scale open technology projects and ecosystems.

  

Kubuntu is an operating system built by a worldwide community of developers, testers, supporters and translators.

  

 43ef5c89 CanonicalUbuntudarktext