Tuesday, June 30, 2009

Laziest way to set SSH without password

I've been crazily busy lately, finally got a chance to check our fabulous CDOT planet again. Saw a few nice posts from LUX classmates. As the king of blog in LUX class, of course I have to post something, I'm gonna beat Kezong!! hehe... (see below for Kezhong's blog)

Yesterday I just did public key authentication too. You can actually do the following to minimize all the work. All you have to do is copy and paste following and type your password twice. :-)

===== Commands =====
##### Step: 1 #####
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
Key=`cat ~/.ssh/id_rsa.pub `
ssh -f -q nestor@bossanesta.ath.cx "echo $Key >> .ssh/authorized_keys"

##### Step: 2 #####
ssh -f -q nestor@bossanesta.ath.cx chmod 600 .ssh/authorized_keys

===== Verify =====
# if dosen't work, you can always use verbose/debug mode to see the ssh process..

ssh -vv bossanesta.ath.cx

# if still dosen't work and you're sure your file and permission is right, you may want to check the server sshd config file and make sure Public Key authentication is enabled. It's enabled by default anyway. Also you may need to create and change the ~/.ssh folder permission by yourself, if you have never ssh "from" the server/target.

Just follow the official guide step by step.. :-)

=== LINK ===
OpenSSH Public Key Authentication

A professional article about Public Key Authentication from very profession LUX student


kezhong said...

good job!

Chris said...

There is a slightly easier way: use ssh-copy-id, which will copy your default key to a remote system and fix up all the permissions:

ssh-copy-id me@remote

You can specify a non-default identify file if desired (see the man page).

Note that you should avoid using an empty passphrase -- if your account gets compromised then your accounts on the remote machines will be compromised too. If you use a passphrase along with ssh-agent (which is set up by default on a number of distros including Fedora), then you will only have to enter your passphrase once in a login session.

Bossa Nesta said...

kezone.. of course.. ;-p

Chris.. em.. but.. what if I need to use ssh in crontab? i have to encrypt my password and save in a file, then use ssh's import password file option?

Chris said...

Well yes, in the case of crontab a passphrase-free key makes sense.