Passwordless SSH 54
  • 25 Oct 2011 03:00:56

Here I explain how to set up an SSH connection without a password. This is particularly useful for various kinds of scripts that need to run things over SSH.

Basically, we are going to create a key, keep it on the local machine, and give a copy to the remote machine. Then instead of entering your password, SSH will look for the key, and if the key matches, it will not require your password. The generated keys are probably more secure than most passwords in terms of brute-force breaking, so I think it's safe enough.

If you have never done this before, run this on the local machine the first time:

user@localhost $ ssh-keygen -t rsa

(Leave the passphrase empty for no passphrase, though it's a security risk)

This creates ~/.ssh/id_rsa.pub. If you've set this up before, you already have this file locally, and you should use the same one for all cases (otherwise you will have to set them all up again with the new key).

Copy this to the remote machine (say to ~/, but not to ~/.ssh, as it may overwrite an existing file), and cat it onto the end of an existing ~/.ssh/authorized_keys:

user@remotehost $ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

Delete your id_rsa.pub on the remote machine:

user@remotehost $ rm ~/id_rsa.pub

That's it. Now you can log in from the localhost to the remotehost without entering your password.

If you have some trouble, the cause may be the modes of the files, which matter for security. Basically, depending on the file, it should have either mode 644 or mode 600. Here are the modes I have set up, which work successfully:

daid@titan ~/.ssh % ls -lt
total 36
-rw-r--r-- 1 daid 1009 9528 May 3 18:59 known_hosts
-rw------- 1 daid 1009 2864 Jun 6 2010 authorized_keys
-rw------- 1 daid 1009 390 Nov 8 2009 other_keys.seahorse
-rw-r--r-- 1 daid 1009 1260 Oct 15 2009 id_rsa.keystore
-rw------- 1 daid 1009 1675 Oct 15 2009 id_rsa
-rw-r--r-- 1 daid 1009 391 Oct 15 2009 id_rsa.pub
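
The mode check described above can be scripted. This is an added example, not part of the original post: it flags a key directory or authorized_keys file that group or others can write to, and a private key that anyone but its owner can access. The function name check_ssh_modes, the constructed sample tree and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat ("stat -c").
# check_ssh_modes is an illustrative name, not an OpenSSH tool.

# Print one line per finding; return 0 if the directory is clean, 1 if not.
check_ssh_modes() {
    dir=$1
    bad=0
    # sshd's StrictModes rejects keys when the directory or authorized_keys
    # is writable by group or others (mode bits 022).
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(stat -c %a "$p")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other-writable ($mode): $p"
            bad=1
        fi
    done
    # The ssh client ignores a private key that group or others can access
    # at all (mode bits 077). Private keys are detected by their PEM header.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            mode=$(stat -c %a "$f")
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                echo "private key too open ($mode): $f"
                bad=1
            fi
        fi
    done
    return "$bad"
}

# Constructed sample tree mirroring the listing above (no real key material).
sample=$(mktemp -d)
chmod 700 "$sample"
echo '-----BEGIN RSA PRIVATE KEY-----' > "$sample/id_rsa"
echo 'ssh-rsa AAAA...constructed user@localhost' > "$sample/id_rsa.pub"
cp "$sample/id_rsa.pub" "$sample/authorized_keys"
chmod 600 "$sample/id_rsa" "$sample/authorized_keys"
chmod 644 "$sample/id_rsa.pub"
check_ssh_modes "$sample" && echo "modes OK"
chmod 664 "$sample/authorized_keys"   # simulate the common breakage
check_ssh_modes "$sample" || echo "fix with: chmod 600 authorized_keys"
rm -rf "$sample"
```

Run it against the real directory with `check_ssh_modes ~/.ssh` on both the local and the remote machine.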

