Never enough locks and keys, let's skip login with ssh
Photo: Love Locks, by Minerva Bloom, http://www.fotopedia.com/items/moonrisings-0ic4gOasaFg

This is definitely not the first post on the Internet about this, but I keep needing this and I think I really needed my own version of the post.

You are on your local machine (mine is a Mac) and you want to connect to a remote server (Ubuntu or CentOS in this scenario).

Let’s assume the remote host is called remotehost and you want to connect as remoteuser.

Generate a Pair of Authentication Keys

Open a terminal and generate a pair of authentication keys. Do not enter a passphrase.

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/jgp/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/jgp/.ssh/id_rsa.
Your public key has been saved in /Users/jgp/.ssh/id_rsa.pub.
The key fingerprint is:
77:c3:79:a8:98:50:92:6b:5f:5b:43:68:a9:b3:59:6a jgp@Jean-Georgess-MacBook-Pro.local
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|       .         |
|      o .        |
|       +   + o   |
|      + S * X .  |
|     . O B * +   |
|        B o      |
|      E= .       |
|     .+          |
+-----------------+

If you get:

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/jgp/.ssh/id_rsa):
/Users/jgp/.ssh/id_rsa already exists.
Overwrite (y/n)? n

It means you already have a set of keys and you do not want to erase them. Go directly to step 2 (Setup Remote Host).

Setup Remote Host

If nobody has done it before, use ssh to create the directory ~/.ssh as user remoteuser on remotehost (the directory may already exist, which is fine):

$ ssh remoteuser@remotehost mkdir -p .ssh
remoteuser@remotehost's password:

Share your Public Key

Append your new public key to remoteuser@remotehost:.ssh/authorized_keys and to remoteuser@remotehost:.ssh/authorized_keys2, entering remoteuser’s password each time (twice).

$ cat ~/.ssh/id_rsa.pub | ssh remoteuser@remotehost 'cat >> .ssh/authorized_keys'
remoteuser@remotehost's password:
$ cat ~/.ssh/id_rsa.pub | ssh remoteuser@remotehost 'cat >> .ssh/authorized_keys2'
remoteuser@remotehost's password:

Note that:

  • On CentOS, we need to have the keys in both authorized_keys and authorized_keys2 (it may work without the keys in authorized_keys, but this has not been tried).
  • Change the permissions of the remote .ssh directory to 700; this is on remotehost.
    chmod 700 ~/.ssh
  • Change the permissions of .ssh/authorized_keys2 to 640; this is on remotehost.
    chmod 640 ~/.ssh/authorized_keys2
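
The remote-side steps above (create ~/.ssh, append the key, set the modes) can be combined into one function that is safe to run more than once. This is an added example, not part of the original post; the function names install_pubkey and ssh_perms_ok are hypothetical, and the script is meant to run on remotehost as remoteuser after the public key file has been copied there.

```shell
#!/bin/sh
# Added example: the mkdir / append / chmod steps as one idempotent function.
# Function names are hypothetical. Modes 700 and 640 are the ones the post uses.

# install_pubkey PUBKEY_FILE [SSH_DIR] [FILE_NAME]
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/${3:-authorized_keys}

    # Read the first line only; a public key file is a single line.
    key=
    IFS= read -r key < "$pub" || [ -n "$key" ] || return 2

    # Refuse anything that is not a public key (e.g. id_rsa passed by mistake).
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pub" >&2; return 2 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    # -x: whole line, -F: fixed string. Append only when the key is missing.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 640 "$auth"
}

# ssh_perms_ok [SSH_DIR] [FILE_NAME]
# Fails if the directory or key file is group- or world-writable, which is
# what sshd rejects when StrictModes is on (the default).
ssh_perms_ok() {
    dir=${1:-$HOME/.ssh}
    for p in "$dir" "$dir/${2:-authorized_keys}"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "too permissive: $p" >&2
            return 1
        fi
    done
    return 0
}
```

Pass authorized_keys2 as the third argument to install_pubkey to cover the second file mentioned in the note about CentOS.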

Test

From now on you can log into remotehost as remoteuser from your local machine without a password.

$ ssh remoteuser@remotehost

References

Adapted from:

  • SSH login without password, http://www.linuxproblem.org/art_9.html, Mathias Kettner.
