Passwordless ssh

From Linux Config Wiki

• Author: Adam Monsen
• Home Page: Logiciel Libre
• Date: 9.1.2009

Public key authentication allows you to login to a remote host via the SSH protocol without a password and is more secure than password-based authentication. Try creating a passwordless connection from linuxconfig.local to linuxconfig.org using public-key authentication.

Example

To ensure the connection is with the correct server, verify the fingerprint with the system administrator.

Create key

Press ENTER at every prompt.

linuxconfig.local$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
b2:ad:a0:80:85:ad:6c:16:bd:1c:e7:63:4f:a0:00:15 user@host
The key's randomart image is:
+--[ RSA 2048]----+
|  E.             |
| .               |
|.                |
|.o.              |
|.ooo o. S        |
|oo+ * .+         |
|++ +.+...        |
|o. ...+.         |
|  .   ..         |
+-----------------+
linuxconfig.local$

For added security the key itself would be protected using a strong passphrase. If a passphrase is used to protect the key, ssh-agent can be used to cache the passphrase.

Copy key to remote host

linuxconfig.local$ ssh-copy-id root@linuxconfig.org
root@linuxconfig.org's password:
Now try logging into the machine, with "ssh 'root@linuxconfig.org'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
linuxconfig.local$

Login to remote host

Note that no password is required.

linuxconfig.local$ ssh root@linuxconfig.org
Last login: Tue Apr  3 12:47:53 2007 from 192.168.0.39
linuxconfig.org#