ssh without a password

ssh without a password

I do a lot of work that requires me to log in and out of remote machines using SSH. As a result, I prefer to configure my laptop (working machine) to SSH without prompting for a password on those machines I know to be secure.

Here's how to do it.

Step 1 - the local machine

From the machine I will be using to connect to the remote machine, I run the following from the command line (within the ~/.ssh/ directory):

ssh-keygen -t dsa

Note that I'm using SSH-2 - which if you're using a new Mac will probably be the default. If you are using SSH-1 you need the command:

ssh-keygen -t rsa1

Then I select the default name for the key and leave the pass phrase blank (pressing enter twice).

Now within the ~/.ssh/ directory is a file either called id_dsa.pub or identity.pub (depending on the version of SSH you are using).

Keep note of this file, we'll need the contents of it for step 2.

Step 2 - the remote machine

Log in to the remote machine as you normally would. Now in ~/.ssh/ you need to add the contents of the .pub file made above to the 'authorized_keys' file in ~/.ssh/ - if it doesn't exist, you need to add it:

In the example below, I've copied the public file across to the remote machine, an I will delete it after I'm done.

cat id_dsa.pub >> ~/.ssh/authorized_keys

Finally, on the remote machine you want to access, make sure the authorized_keys file is properly chmod'ed:

chmod 600 ~/.ssh/authorized_keys

Closing up

A word of warning: though it sounds obvious, you can now connect to the remote machine without a password.

This means if your local machine is compromised, you can assume the remote machine is also.

If this happens, delete the entry in authorized_keys on the remote machine and you've closed that security problem.

You can also use this technique if you're using CVS and don't want to be prompted for the password all the time.

I hope that's of help - I know I keep forgetting it so I needed to write it down somewhere!

You should follow me on Twitter here I'll tweet about JavaScript, HTML 5 and other such gems (amongst usual tweet-splurges)

7 Responses to “ssh without a password”

  1. Jonathan Chong March 17th, 2007 at 11:04 am
  2. Dude, this doesn't work for me. I still get asked for a password.

  3. Alex Greg March 22nd, 2007 at 12:57 pm
  4. Permissions on ~/.ssh/authorized_keys need to be 600, or you'll still get prompted for a password.

  5. Blog Author Remy Sharp March 22nd, 2007 at 1:00 pm
  6. @Alex - good stuff - I kept testing it out and it worked locally, but not in other environments - how with the 600 permissions it worked. How's a clever sys-chap! :-)Cheers!

  7. Jonathan Chong March 29th, 2007 at 6:42 am
  8. The Gregster pulls it off again. This works now, cheers Alex.

    Remy, that should be included as part of the tutorial. Thanks for this!

  9. PegJik August 14th, 2007 at 3:23 pm
  10. Hi!
    I've followed this tips and made it work.
    But my .ssh dir has more then one "authorizedkeys" file. I've got 4 of them (authorizedkeys, authorizedkeys2, authorizedkeys3, authorized_keys4).
    The first and the last one have something like this:
    SSH PRIVATE KEY FILE FORMAT 1.1
    followed by a bunch of non-ASCII chars

    In the other two files have:
    'ssh-rsa a bunch of chars I presume to be the key== user@host'

    I've appended the iddsa.pub to the 'authorizedkeys2' and that worked.
    Does anyone knows if the other files are needed? I can delete them?
    Thanks

  11. ilnino October 2nd, 2007 at 3:22 pm

I had to made a backup, and search for this kind of doc. SSH to another computer it is working, but is I want to made a scp it fails.

But, using this doc and sftp to copy files works. This if anyone is interesting in this implementation

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值