OpenSSH Passwordless Login

From banana_wiki
Jump to: navigation, search

This is an easy but goodie, and I got most of this from the debian admin site. OpenSSH is a great tool that lets you run commands on remote systems. If you have ever wanted to automate commands and tasks via SSH but did not want to store your password in the script files this tutorial is for you! We are able to authenticate to a remote system without ever entering a password via the use of public keys. This tutorial will work for nearly any operating system running OpenSSH. First we need to generate a new keypair:

ssh-keygen -t rsa

You will then be prompted for a few questions, you will want to just hit enter and accept the defaults:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/

Note: If you accept the defaults you’ll have a pair of files created, as shown above, with no passphrase. This means that the key files can be used as they are, without being “unlocked” with a password first. If you’re wishing to automate things this is what you want. Next we will need to get the newly generated public key on the remote host:

ssh-copy-id -i ~/.ssh/ username@remote_host

Do not forget to change username and remote host to your actual information. Also this will prompt you for the password on the remote host, this is the last time you will need to enter it. Once that has completed you will be able to login and or issues commands without entering a password on the remote host. Test by entering:

ssh user@remote_host uptime

Troubleshooting, what if that does not work? Possible issues: -The remote SSH server is not setup to allow public key authentication -File permissions cause problems -Your keytype is not supported. If the remote server does not permit public key authentication and you have root access on the remote server: Open sshd config

nano /etc/sshd/sshd_config

And enter/uncomment the lines and restart the service:

RSAAuthentication yes
PubkeyAuthentication yes
/etc/init.d/ssh restart

If permissinos are the issue login to the remote server and in your home folder run:

chmod 700 .ssh

Lastly if your logging into an old system with a version of OpenSSH that does not support RSA, you can generate a DSA key: