Sunday, September 16, 2012

Setup passwordless ssh in linux in 4 easy steps

Say you need to set up a way to log in to another machine without entering a password. A few steps are needed to configure this so-called "passwordless ssh access".

For simplicity we assume you are on $server1 and want to be able to ssh to $server2. Your username is $sshuser.

1. Generate a pair of keys: 

sshuser@server1:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sshuser/.ssh/id_rsa):
Created directory '/home/sshuser/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sshuser/.ssh/id_rsa.
Your public key has been saved in /home/sshuser/.ssh/
The key fingerprint is:
22:80:5e:b6:31:d9:a4:fa:2e:7b:de:fb:f0:a9:81:05 sshuser@server1
The key's randomart image is:
+--[ RSA 2048]----+
|     ..          |
|    . +.         |
|   . o +Eo.      |
|    ....o+o      |
|        So.      |
|        .o       |
|       . .o      |
|      o .. + .   |
|      .B+ +++    |

2. Create the "~/.ssh" directory on server2 for sshuser. It may already exist, in which case mkdir -p does no harm:

sshuser@server1:~> ssh $server2 'mkdir -p ~/.ssh; chmod 700 ~/.ssh'

3. Upload the user's public key to server2:

sshuser@server1:~> cat ~/.ssh/id_rsa.pub | ssh $server2 'cat >> .ssh/authorized_keys2; chmod 640 .ssh/authorized_keys2'

4. That's it! Now you should be able to log in to server2 without a password:

sshuser@server1:~> ssh $server2

Finally, here are all the commands in a single shot:

ssh-keygen -t rsa
ssh $server2 'mkdir -p ~/.ssh; chmod 700 ~/.ssh'
cat ~/.ssh/id_rsa.pub | ssh $server2 'cat >> .ssh/authorized_keys2'
ssh $server2 'chmod 640 .ssh/authorized_keys2'
ssh $server2
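
An added example, not from the original post: steps 2 and 3 written as an idempotent shell function to run on server2, so that repeating the procedure does not append the same key twice and a wrong file (such as the private key) is refused. The names install_pubkey and count_key are hypothetical helpers; the file name and modes are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): steps 2 and 3 made idempotent.
# install_pubkey and count_key are hypothetical helper names.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Run on server2. Returns 0 if the key is installed or already present,
# 1 if the input does not look like a single public key line.
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    auth_file="$home_dir/.ssh/authorized_keys2"   # file name used in the post

    [ -r "$pubkey_file" ] || return 1
    # Exactly one line "<type> <base64> [comment]"; this also rejects a
    # private key file passed by mistake (multi-line, starts with "-----").
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || return 1
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" || return 1
    key_line=$(cat "$pubkey_file")

    mkdir -p "$home_dir/.ssh" || return 1
    chmod 700 "$home_dir/.ssh"                    # mode from step 2
    touch "$auth_file" || return 1

    if ! grep -qxF -- "$key_line" "$auth_file"; then
        # If the file's last line has no newline, add one so the new key
        # does not get glued onto the previous entry.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            echo >> "$auth_file"
        fi
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
    chmod 640 "$auth_file"                        # mode from step 3
}

# count_key PUBKEY_FILE [HOME_DIR]: print how often the key is listed.
count_key() {
    grep -cxF -- "$(cat "$1")" "${2:-$HOME}/.ssh/authorized_keys2"
}
```

Where OpenSSH's ssh-copy-id is available, it performs the same upload, writing to ~/.ssh/authorized_keys.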
