SSH login without Password

Written on November 14th, 2009 at 00:44 am by chia

Alright! So this one day, I'm talking to a friend. She's telling me about this real cool movie she heard about...2012 or something (which btw... WATCH! ). Now I'm also typing my password on an ssh server, and I happen to mistype. Now I have a feeling I've done so, so I press Backspace till I think nothing could ever have lasted here and type again. My lucky day it was, for I happen to mistype again. That was when it hit me! There's gotta be a way around this password thingy. This is why I love being a Linuxer. There's always a way out of everything!!!

Now before you think I'm kidding, listen to this -> What I'm going to tell you about, will provide you with -> SSH + No password entry each time + No compromise on security.

This HowTo is right up there with the big ones as its a one time solution for avoiding a lot of typing!! Read On!

Basically, instead of authenticating the user using a password, here we use keys (public and private). Interested? You can read more about it here.

While looking for a HowTo on ssh key generation for the first time I found that most of the solutions deal with RSA keys and ssh version 1 and so they didn't work for me because I use ssh version 2. So this one's aimed at configuring password-less secure access using ssh2 and DSA keys.

Basic Concept

This configuration takes place in the following order:

  • First of all 2 keys are generated for the host machine, private and public key.
  • Then the generated public key(the are is .pub files) is copied to the server where we want to connect using host machine.
  • Once the host's public key is added to the server's list of authorized key, the host can connect to the server remotely without entering any password.

Now, follow the steps below to configure a passwordless secure access.

Generating the Private and Public key on Host

On the Host Machine run the following command

[chia]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa

In the above command, we are using ssh-keygen to generate private and public keys for the host machine. The attributes used are:

t  -  This is used to define the type of keys we want to generate. Our choice is DSA

P -  P is used to mention the passphrase. Since, we want a secure  passwordless ssh login we will leave it blank or ''.

f -   This attribute is used to mention the file where the private key will be saved.

Now, you will see that two files are created in the directory .ssh, id_dsa and id_dsa.pub.

id_dsa  -  This is the file where the private key is stored.

id_dsa.pub - This is the file where public key is stored.

Copy the Host's public key to the Server's authorized keys file

Now, we need to add the host's public key to the server's ~/.ssh/authorized_keys2 file. We can easily do thid by copying the file id_dsa.pub to the server as authorized_keys2. But this might overwrite the existing authorized_keys2 file on the server so we will have to append the key in the file. This can be done using the following command.

[chia]$ cat ~/.ssh/id_dsa.pub | ssh user@server 'cat  -  >>  .ssh/authorized_keys2'

P.S.- This is the step where the difference between the version of ssh comes into play. If you are using ssh version 1 then the use the filename authorized_keys otherwise use authorized_keys2.

Login

Try and login now.

[chia]$ ssh user@server

You should be able to login without any password. You can now use any secure shell related operation (e.g. scp) without typing password.

Please note that this method is one way i.e. you will be able to login from host to server without any password but not the other way round. You will have to follow the above steps again but now just replace host and server.

  • Delicious
  • Digg
  • StumbleUpon
  • Reddit
  • Newsvine
  • Facebook
  • Google
  • Yahoo
  • Technorati

2 Comments

Sayantan Das (not verified)
December 14th, 2009 09:07 pm
Hi, I am not able to login without password , It still asks for one. I have followed you exact instructions . MY host ssh version is $ ssh -V OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009 My server version is $ ssh -V OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 Am I missing something? Thanks in advance.
dokma (not verified)
July 30th, 2010 02:26 pm
It's nice to know some nifty ways to use the passwordless SSH login once you set it up. Check this nice article: SSH login without password

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <img> <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <h1> <h2> <h3> <h4> <h5> <h6> <p> <br>
  • Image links with 'rel="lightbox"' in the <a> tag will appear in a Lightbox when clicked on.

  • Search Engines will index and follow ONLY links to allowed domains.

More information about formatting options

Type the characters you see in this picture. (verify using audio)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.