SSH login without passwords

From assela Pathirana
Revision as of 08:37, 22 March 2006 by Root

Synopsis

Whenever the ssh command is used to log in to a remote machine, the user needs to provide the remote machine's password. While this is an obvious security issue, it soon becomes a headache once you start to log in fifty times a day to the same known-and-trusted server from your known-and-trusted client! For such situations, the following is a good approach.

IMPORTANT

The method described here has the inherent problem of the server being vulnerable if the client is compromised. There is no line of defence in between. To overcome this issue, the application known as Keychain can be used.

Howto

Note
Let's assume the client and server names are client1 and server1 respectively, and the username on the remote machine is user1.

  1. Create a public-private key pair on client1
    ssh-keygen -t dsa -f ~/.ssh/id_dsa
  2. Copy the public key to somewhere on server1
    scp ~/.ssh/id_dsa.pub user1@server1:~/.ssh/id_dsa.pub
  3. On server1, append the public key for client1 to the authorized-keys file
    cat ~user1/.ssh/id_dsa.pub >> ~user1/.ssh/authorized_keys2
  4. Secure the authorized-keys file (otherwise the scheme will not work!) and remove unnecessary files (on server1)
    chmod 640 ~user1/.ssh/authorized_keys2
    rm ~user1/.ssh/id_dsa.pub


Now you should be able to log in from client1 to user1@server1 without providing a password.
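
Steps 3 and 4 can be wrapped in a helper that appends the key only once, rejects a private key copied by mistake, and verifies the permissions that make the scheme work. This is an added example, not part of the original page. The function names and sample key are constructed, and it assumes an ed25519 key and the file name authorized_keys, because OpenSSH has disabled DSA keys by default since version 7.0 and treats authorized_keys2 as deprecated.

```shell
#!/bin/sh
# Added example: steps 3-4 as an idempotent helper, run on server1 as user1.
# Function names and the sample key are constructed for illustration.

# True if PATH is neither group- nor world-writable.
not_writable_by_others() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# check_ssh_perms SSH_DIR: the home directory, SSH_DIR and authorized_keys
# must all pass. This mirrors the mode-bit part of sshd's StrictModes
# check (on by default), which also verifies ownership.
check_ssh_perms() {
    for p in "$(dirname "$1")" "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        not_writable_by_others "$p" || { echo "too permissive: $p" >&2; return 1; }
    done
}

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    auth="$2/authorized_keys"
    keyline=
    # Read the first line; tolerate a missing trailing newline.
    read -r keyline < "$1" || [ -n "$keyline" ] || return 2
    # Accept only a public-key line; a private key file starts with "-----BEGIN".
    case $keyline in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "not a public key: $1" >&2; return 2 ;;
    esac
    mkdir -p "$2" && chmod 700 "$2" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$keyline" "$auth" || printf '%s\n' "$keyline" >> "$auth"
    check_ssh_perms "$2"
}

# Demo on a constructed key in a scratch directory (no real account is touched).
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal0000 user1@client1' \
    > "$demo_home/client1.pub"
install_pubkey "$demo_home/client1.pub" "$demo_home/.ssh" && echo "installed, permissions OK"
rm -rf "$demo_home"
```

On a real server the call would be `install_pubkey ~/.ssh/id_ed25519.pub ~/.ssh`, followed by removing the copied .pub file as in step 4.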