Sunday, September 23, 2012

SSH without password prompting

Usually while working on different computers I am using SSH. Being prompted for a password is not a favourite of mine, so I set up my computers to connect without needing a password. It's easier than you think.

Follow these simple steps to make it work:

Outline

  1. Create a key pair (the identity file and its *.pub file).
  2. Copy the *.pub file to the computer you want to connect to.
  3. Add the *.pub file to that computer's authorized_keys file.
  4. Use SSH with the -i switch (identity file) to connect.
  5. Use ~/.ssh/config to make ssh use your identity file.

Let's say we have our laptop (A), and a server (B) we want to connect to.


Step 1: Create a key pair. (Computer A)


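ssh-keygen -t ed25519 -f ~/.ssh/sshconnect

The key type matters: DSA keys (-t dsa) have been disabled by default since OpenSSH 7.0.
When prompted for a passphrase, just hit Enter (and again when asked to confirm it). An empty passphrase leaves the private key unencrypted on disk, so the file's permissions are its only protection.
You should now see two files called sshconnect and sshconnect.pub in the .ssh folder in your home directory.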


Step 2: Copy the .pub file (Computer A)


scp ~/.ssh/sshconnect.pub <username>@<servername>:.ssh/

When prompted for a password here, type the password your username has on the server. The command assumes the .ssh folder already exists in your home directory on the server.

Now you'll connect to the server using ssh the ordinary way and by typing your password:

ssh <username>@<servername>


Step 3: Add the *.pub file into authorized_keys on the server (Computer B)


Since we have ssh'ed into our server, we'll assume we are there now and that the file sshconnect.pub is located in the .ssh folder on the remote server. We then add the contents of sshconnect.pub to the authorized_keys file like this:

cd .ssh
cat sshconnect.pub >> authorized_keys


Now you can log out of computer B (remote server) by typing logout.
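
Step 3's append, wrapped in a check-first helper, as an added example that is not part of the original post: it refuses key types current OpenSSH rejects by default, skips a key that is already listed, and sets the modes sshd expects. The function name install_pubkey and the sample key line are made up for illustration.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper name, not an OpenSSH tool.
install_pubkey() {
    pub=$1                    # uploaded .pub file
    dir=${2:-$HOME/.ssh}      # target .ssh directory
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    read -r type blob _comment < "$pub" || true   # tolerate a missing final newline
    [ -n "$blob" ] || { echo "missing key data" >&2; return 3; }
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        ssh-dss) echo "DSA keys are disabled by default since OpenSSH 7.0" >&2; return 4 ;;
        *) echo "unrecognised key type: $type" >&2; return 4 ;;
    esac

    # sshd's StrictModes (on by default) ignores authorized_keys if the
    # directory or file is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Compare type+blob so a different comment does not add a duplicate.
    if grep -qF -- "$type $blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    # Start a new line first if the existing file lacks a final newline.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$type $blob${_comment:+ $_comment}" >> "$auth"
    echo "key added to $auth"
}

# Demo in a scratch directory; the key line is constructed, not a real key.
demo=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleOnly me@laptop\n' > "$demo/sshconnect.pub"
install_pubkey "$demo/sshconnect.pub" "$demo/.ssh"   # adds the key
install_pubkey "$demo/sshconnect.pub" "$demo/.ssh"   # reports it is already present
rm -rf "$demo"
```

On the server it would be called as install_pubkey ~/.ssh/sshconnect.pub, which defaults to the current user's ~/.ssh.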


Step 4: Connect using SSH with the -i switch (Computer A)


Now you'll connect to the remote server with the new key for the first time. The first time, you will be asked to confirm that you wish to accept this host's key, so make sure to answer yes when asked.

ssh -i ~/.ssh/sshconnect <username>@<servername>

Answer yes when asked to connect and accept this host.
When connected, you should log out from the remote server by typing logout, and then try reconnecting with the same command you used the last time.
This time you should not be prompted for a password, but automatically be logged in on the remote server.

If you want the connection to work the other way too, then your remote server needs to have the file sshconnect (with rw------- permissions) in its .ssh folder, and your laptop needs to add the .pub file to its authorized_keys file (step 3).


Step 5: Use ~/.ssh/config to make ssh use your identity file  (Computer A)

In your home folder (or the home of the username that is going to connect to the remote server), you can create a file: ~/.ssh/config
When connecting to the remote server, ssh will use the contents of this file during the connection, so you can tell it to use your sshconnect identity file. Add the following to this file:

IdentityFile ~/.ssh/sshconnect

Following these few steps will make it easier to work with remote computers. But do not forget about other security issues.
