ssh without a password
I do a lot of work that requires me to log in and out of remote machines using SSH. As a result, I prefer to configure my laptop (working machine) to SSH without prompting for a password on those machines I know to be secure.
Here's how to do it.
Step 1 - the local machine
From the machine I will be using to connect to the remote machine, I run the following from the command line (within the ~/.ssh/ directory):
ssh-keygen -t dsa
Note that I'm using SSH-2 - which if you're using a new Mac will probably be the default. If you are using SSH-1 you need the command:
ssh-keygen -t rsa1
Then I select the default name for the key and leave the pass phrase blank (pressing enter twice).
Now within the ~/.ssh/ directory is a file either called id_dsa.pub or identity.pub (depending on the version of SSH you are using).
Keep note of this file; we'll need its contents for step 2.
Step 2 - the remote machine
Log in to the remote machine as you normally would. In ~/.ssh/ you need to append the contents of the .pub file made above to the 'authorized_keys' file; if that file doesn't exist, create it.
In the example below, I've copied the public key file across to the remote machine, and I will delete it after I'm done:
cat id_dsa.pub >> ~/.ssh/authorized_keys
Finally, on the remote machine you want to access, make sure the authorized_keys file is properly chmod'ed:
chmod 600 ~/.ssh/authorized_keys
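Step 2 as a re-runnable script (an added example, not part of the original post): install_key appends the key only if it is not already present and sets the directory to 700 and the file to 600, and revoke_key removes that entry again. The function names and the optional second argument (the .ssh directory to operate on) are assumptions made for this example, and only SSH-2 one-line public keys are accepted.

```shell
#!/bin/sh
# Added example. Each function takes a public key file and, optionally, the
# .ssh directory to work on (default ~/.ssh), so it can be tried in a scratch dir.
# Assumes an SSH-2 one-line public key such as id_dsa.pub from step 1.

# Print the first line of the file if it looks like an SSH-2 public key.
# A private key file or an empty file is rejected.
read_pubkey() {
    key=$(head -n 1 "$1" 2>/dev/null) || return 1
    case $key in
        ssh-*\ *|ecdsa-*\ *) printf '%s\n' "$key" ;;
        *) echo "$1: not a public key file" >&2; return 1 ;;
    esac
}

# install_key PUBFILE [SSH_DIR]
install_key() {
    key=$(read_pubkey "$1") || return 1
    dir=${2:-"$HOME/.ssh"}
    auth=$dir/authorized_keys
    # Only the owner may read or write the directory and the key list.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: a key already present is not added twice.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# revoke_key PUBFILE [SSH_DIR]
revoke_key() {
    key=$(read_pubkey "$1") || return 1
    dir=${2:-"$HOME/.ssh"}
    auth=$dir/authorized_keys
    # Write the filtered list beside the original, then swap it in with mv.
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    # grep -v exits 1 when nothing is left to print; only status >1 is an error.
    grep -vxF -- "$key" "$auth" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# Usage on the remote machine, with the copied-over file from step 2:
#   install_key id_dsa.pub
#   revoke_key  id_dsa.pub
```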
Closing up
A word of warning: though it sounds obvious, you can now connect to the remote machine without a password.
This means if your local machine is compromised, you can assume the remote machine is also.
If this happens, delete the entry in authorized_keys on the remote machine and you've closed that security problem.
You can also use this technique if you're using CVS and don't want to be prompted for the password all the time.
I hope that's of help - I know I keep forgetting it so I needed to write it down somewhere!
7 Responses to “ssh without a password”
- Jonathan Chong March 17th, 2007 at 11:04 am
Dude, this doesn't work for me. I still get asked for a password.
- Alex Greg March 22nd, 2007 at 12:57 pm
Permissions on ~/.ssh/authorized_keys need to be 600, or you'll still get prompted for a password.
- Blog Author Remy Sharp March 22nd, 2007 at 1:00 pm
@Alex - good stuff - I kept testing it out and it worked locally, but not in other environments - now with the 600 permissions it worked. Who's a clever sys-chap! Cheers!
- Jonathan Chong March 29th, 2007 at 6:42 am
The Gregster pulls it off again. This works now, cheers Alex.
Remy, that should be included as part of the tutorial. Thanks for this!
- PegJik August 14th, 2007 at 3:23 pm
Hi!
I've followed these tips and made it work.
But my .ssh dir has more than one "authorized_keys" file. I've got 4 of them (authorized_keys, authorized_keys2, authorized_keys3, authorized_keys4).
The first and the last one have something like this:
SSH PRIVATE KEY FILE FORMAT 1.1
followed by a bunch of non-ASCII chars
The other two files have:
'ssh-rsa a bunch of chars I presume to be the key== user@host'
I've appended the id_dsa.pub to the 'authorized_keys2' and that worked.
Does anyone know if the other files are needed? Can I delete them?
Thanks
- ilnino October 2nd, 2007 at 3:22 pm
I had to make a backup, and searched for this kind of doc. SSH to another computer is working, but if I want to do an scp it fails.
But using this doc and sftp to copy files works. This is in case anyone is interested in this implementation.