Logging into a remote server over SSH without typing your password
Those of us who administer (log into) several different remote servers, each requiring different credentials, may find typing the passwords all the time tedious.
This recipe may be a security risk, because the local machine is granted access without a password prompt (anyone who gains access to the local machine automatically gains access to those remote servers as well!). Still, it is really handy in daily practice, as it saves us from typing the passwords all the time.
First of all, we need to generate our SSH key with one of the following commands, on the machine we will use to log into the remote server:
ssh-keygen -t rsa
or
ssh-keygen -t dsa
The command will create one of the following pairs of files, depending on the type of key used:
- id_rsa and id_rsa.pub
- id_dsa and id_dsa.pub
The first file of the pair contains the private key, which stays on the local machine. The second file (the one with the “.pub” extension) contains the public key, which must be copied to the remote server, into ~/.ssh/authorized_keys for RSA keys and into ~/.ssh/authorized_keys2 for DSA keys.
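Now, we need to make sure the remote server has the .ssh directory. To do so, we execute a command similar to the following, replacing user@remoteserver with our own account and host. The remote command is quoted so that ~ is expanded on the remote server rather than on the local machine:
ssh user@remoteserver 'mkdir -p ~/.ssh'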
Next, we need to copy the public key into the corresponding authorized keys file on the remote server. Notice the use of “>>” instead of “>” in the ssh command: it appends the public key to any public keys already in the file instead of overwriting the file contents:
cat ~/.ssh/id_rsa.pub | ssh user@remoteserver 'cat >> ~/.ssh/authorized_keys'
And it is done. Now, anytime we access the remote server as the user for which we have enabled SSH trust (the owner of ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 on the remote server), ssh will use the private key stored on the local machine to negotiate access to the server, without the need to specify a password.
On each connection, ssh looks for a private key that matches a public key in the authorization file and, when it finds one, grants access from the local machine to the remote server as the user with which we have associated the key.
Additionally, for an extra layer of security, we should make sure the .ssh directory and the ~/.ssh/authorized_keys (or ~/.ssh/authorized_keys2) file have the appropriate permissions:
ssh user@remoteserver "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
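The remote-side steps above (create .ssh, append with “>>”, set permissions) collected into one function that can be run repeatedly without duplicating the key. This is an added example, not part of the original recipe; the function name install_pubkey, its two arguments and the script name are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original recipe): install a public key into
# HOME_DIR/.ssh/authorized_keys the way the steps above do, but idempotently.
# install_pubkey and its arguments are names assumed for this illustration.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Guard against sending id_rsa instead of id_rsa.pub by mistake.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi
    key_line=$(head -n 1 "$pubkey_file")
    case $key_line in
        ssh-*|ecdsa-*) ;;
        *) echo "refusing: $pubkey_file is not a public key line" >&2
           return 2 ;;
    esac

    # Create the directory and file private from the start, then restore umask.
    old_umask=$(umask)
    umask 077
    mkdir -p "$ssh_dir"
    touch "$auth_file"
    umask "$old_umask"

    # If the last existing entry lacks a newline, add one so lines do not merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    # Append, never overwrite, and skip the append if the key is already there.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi

    # Same modes as the recipe's final chmod step.
    chmod 700 "$ssh_dir"
    chmod 640 "$auth_file"
}

# Run as: sh install_pubkey.sh "$HOME" id_rsa.pub  (on the remote account)
if [ $# -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```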