Linux: Setting up passwordless ssh login

[ATC]

Quite often, you want to ssh into a remote server without having to enter a password. How is this done?

[ATC]

1: Setting up the server for passwordless login

You will need to make sure that the server will accept passwordless logins. This means you have to enable public key authentication on the server. To do this, open up /etc/ssh/sshd_config in a text editor (I would suggest nano or kate). Then make sure that the following two lines are uncommented, or if not there, add them in. To uncomment the line, remove the '#' from the beginning of the line:

    * RSAAuthentication yes
    * PubkeyAuthentication yes

You will need to restart the ssh server. Do this with:

    * /etc/init.d/ssh restart

Finally make sure that permissions are right on the server. If there's no ~/.ssh directory, make one:

    * mkdir ~/.ssh

Once you've got a ~/.ssh directory, change the permissions using:

    * chmod 700 ~/.ssh

that should be enough to setup the server side of things.


2: Setting up the client side of the equation

First you'll need to setup a keypair. If you already have the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, you should be good to go. If not, then you need to add them. Use the following command:

    * ssh-keygen -t rsa

You will then be asked some questions. Simply hit "Enter" to answer them all:

    * Generating public/private rsa key pair.
    * Enter file in which to save the key (/home/skx/.ssh/id_rsa):
    * Enter passphrase (empty for no passphrase):
    * Enter same passphrase again:
    * Your identification has been saved in /home/skx/.ssh/id_rsa.
    * Your public key has been saved in /home/skx/.ssh/id_rsa.pub.

Answering without putting in a password means that the keys can be unlocked without a password, which is the whole point of "passwordless" login. Now we can do a little magic. Previously when setting up passwordless logins with ssh, I've gone through a dance of copying keys from the local computer to the remote computer. However, now I've found a new programme that does all this automagically. So, type this into a terminal:

    * ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host

Obviously you will need to replace "username" with the user you want to login as on the remote computer, and "remote_host" with the ip/hostname of the ssh server. This command will ask you for a password - don't be alarmed; this sets up the passwordless-ness, so needs a password to do it. Once you've done this, you should be good to go. Try logging into the remote server, and you should be password free.


Source: http://liquidweather.net/howto

[Floyd-ATC]

For some bizarre reason, CentOS (and possibly other distros) does not include the ssh-copy-id script. I have copied the script from an Ubuntu 8.10 installation and made it available here:

http://home.atc.no/~floyd/download/ssh-copy-id