Passwordless SSH

There are many times when it is preferable to authenticate to a server without having to enter a password. Any time you want scripts to transfer things between servers, they need to be able to authenticate as a valid user.

The best way to do this is with SSH keypairs.

In this example we will set up automatic login from server Andy as user bopeep to server Buzz as user sheep.

Step 1: Create Authentication Keys with ssh-keygen on Andy

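Log in to Andy as user bopeep and generate a public/private key pair using the following command. Pressing Enter at the passphrase prompts leaves the private key unencrypted on disk, which is what lets scripts use it unattended, so /home/bopeep/.ssh/id_rsa must stay readable only by bopeep.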

[bopeep@andy ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/bopeep/.ssh/id_rsa): [Press enter key]
Created directory '/home/bopeep/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/bopeep/.ssh/id_rsa.
Your public key has been saved in /home/bopeep/.ssh/id_rsa.pub.
The key fingerprint is:
43:f6:52:1c:19:6b:49:e5:a8:72:3a:f9:a7:ea:ae:d5 bopeep@andy
The key's randomart image is:
+--[ RSA 2048]----+
|          ++.    |
|         o.*     |
|        o B .    |
|       o =       |
|      . S .      |
|       * o       |
|      = E        |
|     . o  .      |
|    .++.oo       |
+-----------------+

Step 2: Create .ssh Directory on buzz

SSH from andy to buzz as user sheep and create the .ssh directory under the home directory, using the following command:

[bopeep@andy ~]$ ssh sheep@buzz mkdir -p .ssh

The authenticity of host 'buzz (192.168.1.2)' can't be established.
RSA key fingerprint is f6:d2:9a:05:0f:a4:ef:3a:c1:1f:00:1e:6f:1e:ce:86.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'buzz,192.168.1.2' (RSA) to the list of known hosts.
sheep@buzz's password: [Enter Your Password Here!]

Step 3: Upload Generated Public Key to buzz

Use SSH from andy to upload your newly generated public key (id_rsa.pub) to buzz under sheep’s .ssh directory, appending it to the file authorized_keys. If you’re following this tutorial for the first time this creates the file; if you’re doing it subsequently it adds a new authorized key.

[bopeep@andy ~]$ cat .ssh/id_rsa.pub | ssh sheep@buzz 'cat >> .ssh/authorized_keys'

sheep@buzz's password: [Enter Your Password Here!]

Step 4: Set Permissions on buzz

It’s advisable to explicitly set permissions on the .ssh directory and the authorized_keys file on buzz to avoid any issues.

[bopeep@andy ~]$ ssh sheep@buzz "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

sheep@buzz's password: [Enter Your Password Here]

Step 5: Login from Andy to Buzz Without Password

Now you can log into buzz as sheep from bopeep on andy without a password.

[bopeep@andy ~]$ ssh sheep@buzz
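
Steps 2 to 4 can be collapsed into one repeatable call on the receiving account. The script below is an added example, not part of the original post: install_pubkey and modes_ok are hypothetical helper names, and the key line in the demo is constructed and non-functional.

```shell
#!/bin/sh
# Added example (not from the original post). Run as the account that should
# accept the key, e.g. sheep on buzz.

# install_pubkey HOME_DIR PUBKEY_FILE
# Steps 2-4 in one idempotent call: a repeated run adds no duplicate line.
install_pubkey() (
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    key=$(head -n 1 "$2") || exit 1
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $2" >&2; exit 1 ;;
    esac
    umask 077    # new files start private; the subshell body keeps this local
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Match on "type base64" so the same key with a new comment is not re-added.
    key_id=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    grep -qF -- "$key_id" "$auth" && exit 0
    printf '%s\n' "$key" >> "$auth"
)

# modes_ok HOME_DIR
# Succeeds only if neither .ssh nor authorized_keys is writable by group or
# others, one of the conditions sshd enforces when StrictModes is on.
modes_ok() {
    loose=$(find "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    [ -e "$1/.ssh/authorized_keys" ] && [ -z "$loose" ]
}

# Demo on a throwaway directory with a constructed (non-functional) key line.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3CONSTRUCTEDKEY bopeep@andy\n' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"   # second run: no duplicate
echo "authorized_keys lines: $(wc -l < "$demo_home/.ssh/authorized_keys")"
modes_ok "$demo_home" && echo "modes ok"
rm -rf "$demo_home"
```

The 640 mode from Step 4 also passes modes_ok, since it grants the group read access only; 600 additionally hides the list of authorized keys from other group members.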
