Weblog
Thoughts which doesn't affect the world's peace

Passwordless ssh login

It’s frustrating to enter your password over and over again on multiple boxes when you need speed or just have to issue commands frequently. One way to avoid this hassle is to enable passwordless ssh login. Note that this should be done in a secured network, where no outside access is possible, as otherwise this is a security issue you have to consider!

Before we start, there is something to be configured on the remote box.

Edit the remote box’s sshd config file (/etc/ssh/sshd_config on Fedora; it could vary for different distros) and find these lines:

#RSAAuthentication yes
#PubkeyAuthentication yes

and uncomment them, then restart the ssh daemon (service sshd restart or /etc/init.d/sshd restart).

Back on your local box, generate the key pair by using:

ssh-keygen -t rsa

The command will output some information similar to:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.

Leave the default location of the file for the key. When prompted for a passphrase, you could type one in, but you must then enter it on every connection! In most cases, you’d like to leave the passphrase blank. You can upload the just-generated key by using:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remotebox

This command is a script which does everything needed for you: it uploads the key file (specified by the -i option, or the default if there is no -i; the default is usually ~/.ssh/id_rsa.pub) to the remote machine, creates the file ~/.ssh/authorized_keys and inserts your key inside. If the file exists, it will just append your key to the end of the file. There shouldn’t be anything else you have to do, so after that, you should be able to log in or execute remote commands without a password.
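To see what ends up on the remote side, the same steps can be run against a local directory. This is an added example, not the real ssh-copy-id and not code from the original post; the function names, the temporary paths and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the real ssh-copy-id: the same steps run against a local
# directory. Function names and the sample key are constructed for illustration.

# install_pubkey PUBKEY_FILE HOME_DIR
install_pubkey() {
    pub=$1; home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Refuse a private key passed by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2; return 1
    fi
    auth="$home/.ssh/authorized_keys"
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# check_perms HOME_DIR: true when modes are 700 on .ssh and 600 on the key file.
check_perms() {
    d=$(ls -ld "$1/.ssh" | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

# demo: install a constructed key twice, print how many lines ended up stored.
demo() {
    tmp=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTED user@localbox" > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/home" &&
    install_pubkey "$tmp/id_rsa.pub" "$tmp/home" &&
    check_perms "$tmp/home" &&
    wc -l < "$tmp/home/.ssh/authorized_keys" | tr -d ' '
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo
```

The modes matter because sshd's StrictModes option checks file modes and ownership of the user's files and home directory before accepting a login.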

If your sshd is running on a non-default port, you’ll have to run the command like this (let’s assume you are using port 2222):

ssh-copy-id '-p 2222 -i ~/.ssh/id_rsa.pub username@remotebox'
