Passwordless Logins with OpenSSH

Standard

I don’t know about you guys, but typing my password in whenever I want to get to one of my home servers is… well, it’s damn annoying. Thankfully there’s a way to export your private keys so when you log in to a computer you trust, you can have this act as your authentication mechanism – because you have a preshared key, the target server won’t bother asking you for a password.

First, you’ll need to make sure that the target server has a few prerequisites in its /etc/sshd/sshd_config, which are:

RSAAuthentication yes
PubkeyAuthentication yes

Once those options are set (you may need to do a service ssh restart to make them take affect), you can generate your keys like this:

archastro@Proteus:~$ ssh-keygen -t rsa

When the keys are being generated, you can choose whether or not to add a password to your key. This kind of defeats the purpose of this post, what with the whole ‘passwordless logins’ thing, but if you were on an external computer and wanted an additional layer of security, that could be a good option. Once you’ve logged in once, you could lock down your sshd_config so that only users with a verified key are allowed in. I might come back to this in a later post.

Now use ssh-copy-id tp copy them over to the server:

archastro@Proteus:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub archastro@hera
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
archastro@hera's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'archastro@hera'"
and check to make sure that only the key(s) you wanted were added.
archastro@Proteus:~$ ssh hera uptime
 05:48:31 up 17 days, 21:30, 0 users, load average: 0.08, 0.13, 0.19

You can now log in, run single commands from your local machine or use cron jobs on your local machine which do stuff on your server.

Enjoy!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s