I don’t know about you guys, but typing my password in whenever I want to get to one of my home servers is… well, it’s damn annoying. Thankfully there’s a way to set up an SSH key pair so that when you log in from a computer you trust, the key acts as your authentication mechanism: because the server already holds your public key, it won’t bother asking you for a password.
First, you’ll need to make sure that the target server has a few prerequisites in its /etc/ssh/sshd_config, which are:
RSAAuthentication yes
PubkeyAuthentication yes
Once those options are set (you may need to do a service ssh restart for them to take effect), you can generate your keys like this:
archastro@Proteus:~$ ssh-keygen -t rsa
When the keys are being generated, you can choose whether or not to add a password to your key. This kind of defeats the purpose of this post, what with the whole ‘passwordless logins’ thing, but if you were on an external computer and wanted an additional layer of security, that could be a good option. Once you’ve logged in once, you could lock down your sshd_config so that only users with a verified key are allowed in. I might come back to this in a later post.
Now use ssh-copy-id to copy the public key over to the server:
archastro@Proteus:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub archastro@hera
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
archastro@hera's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'archastro@hera'"
and check to make sure that only the key(s) you wanted were added.
archastro@Proteus:~$ ssh hera uptime
05:48:31 up 17 days, 21:30, 0 users, load average: 0.08, 0.13, 0.19
You can now log in, run single commands from your local machine or use cron jobs on your local machine which do stuff on your server.
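The lockdown mentioned earlier (only users with a key get in) depends on what sshd_config actually resolves to, and sshd keeps the first value it reads for each keyword. As an added example, not part of the original post, this script checks a config file for key-only logins; the function names and the sample config are constructed, and it assumes a single file with no Include directives.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Print the effective global value of an sshd_config keyword.
#   $1 keyword, $2 config file, $3 default to report when the keyword is unset
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, "keyword=value" is accepted, and everything after a
# "Match" line is conditional, so the scan stops there.
sshd_effective() {
    awk -F'[ \t=]+' -v want="$1" -v dflt="$3" '
        { sub(/^[ \t]+/, "") }            # drop leading whitespace, re-split fields
        /^(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }   # global section ends here
        tolower($1) == tolower(want) { found = 1; print tolower($2); exit }
        END { if (!found) print dflt }
    ' "$2"
}

# Succeeds only if key logins are enabled and password logins are disabled.
# Both keywords default to "yes" when they are absent from the file.
key_only_login() {
    [ "$(sshd_effective PubkeyAuthentication "$1" yes)" = yes ] &&
    [ "$(sshd_effective PasswordAuthentication "$1" yes)" = no ]
}

# Constructed sample: the later "PasswordAuthentication no" never applies
# because an earlier line already set it to yes.
demo() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
# constructed sample sshd_config
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
    if key_only_login "$cfg"; then
        echo "key-only logins enforced"
    else
        echo "password logins still accepted"
    fi
    rm -f "$cfg"
}
demo
```

On the server itself, sshd -T prints the configuration sshd resolves, including defaults and included files.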
Enjoy!