
1. Intro

Passwordless logins over ssh are both practical and secure.

This is how to set it up.

1.1. Assumptions

You have an account on a local client from which you're ssh'ing to a server running the ssh daemon on port 2222.

You also already have an account on the remote server.

 

2. Guide

Log in to your account on the local client and open a terminal.

Enter the following.

$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa): [Accept the default path by pressing Escape]
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase): [Press Enter]
Enter same passphrase again: [Press Enter]
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:XX test@cyndane2
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| T . |
| o Yo + |
| E @ * S + |
| o o + . = |
| + .p. |
| . .x|
| e. |
+-----------------+


 

Now we have the ssh key pair! We need to authorize the public key. This is done like so.

$ cd ~/.ssh
$ cat id_rsa.pub >> authorized_keys
$ cat id_rsa.pub >> authorized_keys2

For safety, check the permissions on the .ssh folder as well as the files therein.

$ chmod -v 700 ~/.ssh
$ chmod -v 644 ~/.ssh/*
$ chmod -v 600 ~/.ssh/id_rsa

Also see Troubleshooting ssh "Unspecified GSS failure" regarding the permissions. Wrong permissions on the keys are a common source of problems.

 

Now it's time to distribute your public key to the remote server.

$ cd ~/.ssh
$ ssh-copy-id -i id_rsa.pub -p 2222 root@cyndane2

The authenticity of host '[cyndane2]:2222 ([::1]:2222)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:X:XX.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[cyndane2]:2222' (RSA) to the list of known hosts.
root@cyndane2's password: [Enter your root account password here!]
Now try logging into the machine, with "ssh '-p 2222 root@cyndane2'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

 

Now the tricky thing is that the -p flag isn't in the same place for ssh as for ssh-copy-id, so try this instead of just copying and pasting the suggested command.

$ ssh root@cyndane2 -p 2222
Last login: Thu Nov 8 14:47:32 2018 from cyndane2
root@cyndane2:~ #

Aaaand we're in!

Repeat the ssh-copy-id procedure as needed to all your remote servers.

The ssh-keygen procedure is only done once though!
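
As a check on the permission and authorized_keys steps above (an added example, not part of the original guide): a small POSIX shell audit that compares a .ssh directory against the modes set earlier (700 for the directory, 600 for the private key, nothing writable by group or others) and counts the entries in authorized_keys so unexpected keys stand out. The function names perm_bits, audit_ssh_dir and count_authorized_keys are made up for this example.

```shell
#!/bin/sh
# Added example: audit an ssh directory against the modes this guide sets.

# perm_bits PATH: the nine permission characters from `ls -ld`, e.g. rwx------
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

# audit_ssh_dir DIR: prints one line per finding, returns the number of findings.
audit_ssh_dir() {
    dir=$1
    findings=0
    # The directory itself should be 700: nothing for group or others.
    case $(perm_bits "$dir") in
        rwx------) ;;
        *) echo "FINDING: $dir is $(perm_bits "$dir"), expected rwx------"
           findings=$((findings + 1)) ;;
    esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(perm_bits "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # Private keys: no access at all for group or others (600).
            case $bits in
                ???------) ;;
                *) echo "FINDING: private key $f is $bits, expected rw-------"
                   findings=$((findings + 1)) ;;
            esac
        else
            # Public keys, authorized_keys, known_hosts: readable is fine (644),
            # but group and others must not be able to write.
            case $bits in
                ????-??-?) ;;
                *) echo "FINDING: $f is $bits, writable by group or others"
                   findings=$((findings + 1)) ;;
            esac
        fi
    done
    return "$findings"
}

# count_authorized_keys FILE: number of key entries (skips blanks and comments).
count_authorized_keys() {
    grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1"
}

# Usage: audit_ssh_dir "$HOME/.ssh"; count_authorized_keys "$HOME/.ssh/authorized_keys"
```

Run it on the client after the chmod step and on the server after ssh-copy-id; a count higher than the number of keys you installed means authorized_keys holds entries worth reviewing.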

 

 

3. Sources

From all over the interwebs!