FAQ: Setup Password-less SSH

"There’s No Such Thing As A Silly Question" -- does the cliche sound familiar? In this part of pimp-my-rig reloaded, technical questions are answered. Mail them to me and I will post the answers here. If you have a better answer, by all means share it with us.

FAQ: The age of the use of telnet has gone past. Although it is still used in some applications, ssh seems to have become standard in remotely accessing hosts. However, trying to remotely access another machine (as yourself), you will be asked to present your credentials. This happens again and again. How then can you set-up password-less ssh?

There are several scenarios for password-less ssh. But this FAQ will only cover password-less remote access as the same user (or as yourself).

Begin by accessing a host using your own credentials. Check if the directory $HOME/.ssh already exists. If it exists, ensure that the directory permission is 700 (dwrx------). Otherwise, there is no need to worry as the directory will be created later with the proper permission.

Use ssh-keygen to generate your very own public and private key pair. Do not use a passphrase for completely password-less logins to work.

user@host:~ > ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
e8:3a:ad:11:d5:c5:89:7c:32:d6:3f:62:61:12:43:df user@host

The above command "ssh-keygen -t rsa" initiated the creation of the key pair. The private key was saved in .ssh/id_rsa. This file is read-only and only for you. No one else must see the content of that file, as it is used to decrypt all correspondence encrypted with the public key, which is aptly named .ssh/id_rsa.pub.

NOTE: Generate the key pair file only once. Otherwise, subsequent re-generations of the key pair will invalidate other password-less set-ups already working for you.

With the public and private key pair generated, the contents of the public key (id_rsa.pub) need to be placed inside the authorized_keys file.
user@host:~/.ssh > cat id_rsa.pub >> authorized_keys

On an initial set-up of password-less ssh the file id_rsa.pub can be copied to the file authorized_keys.
user@host:~/.ssh > cp id_rsa.pub authorized_keys

After doing the above steps, subsequent logins will not ask for credentials. It will be password-less.

Aside from sparing yourself from the hassle of being asked a password for each login, password-less ssh can be deployed and has proven to be advantageous in a lot of situations.

In the next FAQ, the steps on password-less ssh for different users and/or different machines will be outlined.

You might also be interested in:

Feedback

We at pimp-my-rig strive to keep on improving, help us reach that goal by leaving comments or constructive criticisms. Don't miss out on our next feature -- subscribe via RSS (What is RSS?).

Share This

0 comments: