There are many times when I do not want to keep typing passwords to log into local servers, and I especially do not want to type them while people are watching. If you run a primarily Linux network like I do, not having to do the traditional login can be a real boon to your use of the systems. So we will need a way to authenticate to the systems we want to use.

Traditionally there were two kinds of authentication: RSA and DSA. RSA should not be used any more. Public key authentication can only be established on a per-system, per-user basis, i.e. it is not system wide. You will be setting up SSH with DSA public key authentication for SSH version 2 on two machines.

Note: you will need to be able to use the command line/terminal for this project.

Note: On both the server and the client, port 22 should be changed to an unused port number above 1024. Both numbers must be the same unless you are an advanced user. Other settings should be changed as well.

$ sudo vim /etc/ssh/sshd_config

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22


What do you need?

#1 machine : Client machine with ssh installed

$ sudo apt-get update
$ sudo apt-get install ssh

#2 machine : A remote server with ssh and openssh-server

$ sudo apt-get update
$ sudo apt-get install ssh openssh-server

Setting up the keys.

Generate DSA Key Pair

Use ssh-keygen command as follows:
$ ssh-keygen -t dsa
Output:

Enter file in which to save the key (/home/vivek/.ssh/id_dsa): Press [Enter] key
Enter passphrase (empty for no passphrase): myPassword
Enter same passphrase again: myPassword
Your identification has been saved in /home/vivek/.ssh/id_dsa.
Your public key has been saved in /home/vivek/.ssh/id_dsa.pub.
The key fingerprint is:
04:be:15:ca:1d:0a:1e:e2:a7:e5:de:98:4f:b1:a6:01 vivek@vivek-desktop

Caution: a) Please enter a passphrase different from your account password and confirm the same.
b) The public key is written to /home/you/.ssh/id_dsa.pub.
c) The private key is written to /home/you/.ssh/id_dsa.
d) It is important that you never, ever give out your private key.

Directory set up and key copy to server.

Set directory permission

Next make sure you have correct permission on .ssh directory:
$ cd
$ chmod 755 .ssh

A chmod permission calculator is available here:
http://www.onlineconversion.com/html_chmod_calculator.htm

Copy public key.

Now copy the file ~/.ssh/id_dsa.pub on Machine #1 (tom) to the remote server as ~/.ssh/authorized_keys. The command scp is an ssh-based network file copy command, and it will copy your public key file in this step. (You will be asked for your password on the server to log in.)
$ scp ~/.ssh/id_dsa.pub user@server:.ssh/authorized_keys

Server Side.

Now that you have the public key copied over to the server, you need to move it to the right place.
What you just did from the client machine:

$ scp ~/.ssh/id_dsa.pub user@jerry:.ssh/authorized_keys

Warning: If you already have an authorized_keys file, this will write over it. A safer way:

From client machine
$ scp ~/.ssh/id_dsa.pub user@jerry:.
Server side.
$ cat id_dsa.pub >> .ssh/authorized_keys

Change permissions so only you can see and access it.

$ chmod 600 ~/.ssh/authorized_keys

Note: An authorized_key file (no “s” at the end) is for the old RSA keys.
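
The safer append and the permission step above, combined into one script to run on the server. This is an added example, not part of the original post; the function name, its return codes and the mode 700 used when the directory has to be created are assumptions of the example.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]
# Appends one public key to SSH_DIR/authorized_keys (default ~/.ssh) without
# overwriting existing entries. The function name, arguments and return
# codes are this example's own, not part of OpenSSH.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Refuse a private key passed by mistake (id_dsa instead of id_dsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 3
    fi

    # A public key line has the form "<type> <base64> [comment]".
    key=$(grep -E '^(ssh|ecdsa|sk)-[a-z0-9@.-]+ [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 4; }

    # Create the directory if missing; mode 700 is this example's choice.
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 5

    if [ -f "$auth" ] && grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        # If the last existing entry lacks a newline, add one so the new
        # key does not get glued onto it.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth" || return 5
    fi

    # Same permission the page sets: owner read/write only.
    chmod 600 "$auth"
}

# Run on the server after copying the key there: sh install_pubkey.sh id_dsa.pub
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```

Running it twice with the same key leaves a single entry, so it is safe to repeat.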

Back to the client.

So you do not have to enter in a passphrase:

Type the following command at shell prompt:
$ exec /usr/bin/ssh-agent $SHELL
$ ssh-add

Logging in.
From the command line you could use:

$ ssh user@servername

or

$ ssh user@remote-server.com

or

$ scp file user@servername:/tmp

Now if you try to log in from the client to get to a share, you should not get a second password window.

Tada!!



Good day!
