Thursday, January 12, 2012

Setting up passwordless ssh




You can set up passwordless SSH between two machines so that one can log in to the other without entering a password. To do this, first install the SSH server (openssh-server) on your machine with the following command:
user@ubuntu32:~/$ sudo apt-get install openssh-server

Once it's installed, you need to generate a public and private key. Use the following command:
user@ubuntu32:~/$ ssh-keygen -t rsa

It will prompt you for a filename and a passphrase. Skip them, or enter a passphrase if you want to use one. Do the same on the second machine as well.



You will now have a private/public key pair (id_rsa, id_rsa.pub) for the user account from which you generated the keys. The files are in the /home/<username>/.ssh directory.



Next, copy id_rsa.pub to the authorized_keys file in /home/<username>/.ssh on the server with which you want to set up passwordless SSH. You can enter the following command in the terminal:
scp ~/.ssh/id_rsa.pub username@servername:.ssh/authorized_keys

 

Once it's copied, you can ssh to the server to which you copied the id_rsa.pub key without giving the password.

Note that scp will overwrite the authorized_keys file on the server. So if you want more than one client to use passwordless SSH to the same server, first copy id_rsa.pub to that server, then append its contents to the authorized_keys file, and then delete id_rsa.pub from that server.

Now you don’t need password to ssh to that server.



One thing to note here is that in “ssh username@machinename”, username is the name of the user on the machine you are logging in to, and it is that user's .ssh directory to which you have added your public key.

Sometimes, even after following the above steps, you are still unable to log in to the other machine without a password. If you face this issue, check the /var/log/auth.log file to see what kind of error you are getting.
If you see the authentication error (Authentication refused: bad ownership or modes for directory), then you need to change the permissions as shown below:

chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Now you will be able to log in to the other machine without using the password.
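The append-instead-of-overwrite step and the permission fix described above can be done in one pass on the server. The following is an added example, not part of the original post; the function name add_authorized_key and the path /tmp/client1.pub are made up for illustration:

```shell
#!/bin/sh
# Added example, not from the original post. Run it on the server, as the
# account that should accept the key, after copying the client's
# id_rsa.pub there (for example to /tmp/client1.pub, a made-up path).

# add_authorized_key PUBKEY_FILE [SSH_DIR]
# SSH_DIR defaults to ~/.ssh; it is a parameter only so the function can
# be tried against a scratch directory first.
add_authorized_key() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(cat "$pub")

    # A .pub file from ssh-keygen is exactly one line starting with the key
    # type. This also catches id_rsa (the private key) copied by mistake.
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ]; then
        echo "$pub is not a one-line public key" >&2; return 1
    fi
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "$pub does not look like a public key" >&2; return 1 ;;
    esac

    # Permissions sshd checks by default (same values as the chmod lines above).
    if [ "$dir" = "$HOME/.ssh" ]; then chmod go-w "$HOME"; fi
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        # Make sure the existing file ends in a newline before appending.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Usage on the server:
#   add_authorized_key /tmp/client1.pub && rm /tmp/client1.pub
```

Running it twice with the same key leaves a single entry, so it is safe to repeat for each client.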
