{ 2008 08 17 }

Passwordless SSH

Secure Shell (ssh) is a widely used UNIX tool to manage remote servers over a secured connection. Typically, the syntax is:

ssh username@remoteserver

However, ssh is a highly versatile tool. For example, if you ran the ssh daemon (or background process) on a port other than the default (22) — let’s say 8800 — you would execute the following command:

ssh -p 8800 username@remoteserver

Another useful feature that ssh is capable of is “passwordless authentication.” To do this, you have to:

  1. Generate a private SSH key pair
  2. Upload the public key to the server
  3. Test it

First, generate the key:

ssh-keygen -t rsa

*To generate a ‘passwordless’ key, do not enter anything when prompted for a password. (This typically is not recommended, however I use passwordless SSH for my rsync tutorial). Just press [Enter]. For a complete list of the ssh-keygen parameters, ie., number of bytes the key should contain, ‘man ssh-keygen’. Next, upload the key to the server.

Method 1:

  • fish:// protocol (included in KDE’s Konqueror)
  • Screen sessions (using copy/paste — although my reason for using ’screen’ is explained next)

I use ’screen’ to test the SSH key for a very good reason — the chance of getting locked out of the server. Let’s face it. Weird things happen. That includes corrupt file transfers. If you upload the key using the ssh protocol alone (which is possible), and the file is corrupt in transit, there is a (slight) chance of locking yourself out of your server. That would be bad.

So now, copy the information to the remote server:

cd ~/.ssh
less id_rsa.pub

The information starting with “ssh-rsa” to “username@host” all has to be copied to the server’s ~/authorized_keys file. If you would rather append a key (if you wanted more than one passwordless client), copy the file as a different filename, for example, my_key, and on the server, run:

cd ~/.ssh
cat my_key >> authorized_keys

Method 2:
Use the ssh-copy-id tool included with OpenSSH to upload the key to the ~/.ssh/authorized_keys file for remoteuser@remotehost.

ssh-copy-id ~/.ssh/id-rsa.pub remoteuser@remotehost
ssh remoteuser@remotehost

Now, you’re ready to test your passwordless ssh connection.

Posted by Glen Barber on Sunday, August 17th, 2008, at 8:21 am, and filed under Unix.

Follow any responses to this entry with the RSS 2.0 feed.

You can post a comment, or trackback from your site.