SSH trust/passwordless login

Goal

To log in to a remote server over SSH without having to type your password.

Description

Some of us have to administer (log into) several different remote servers, each requiring different credentials. Having to type the passwords all the time can be tedious.

This recipe may be a security risk, because the local machine is granted access without the need to type in the password: anyone who gains access to the local machine automatically gains access to those remote servers as well. Even so, it is really handy in a daily routine, as it saves us from entering the passwords all the time.

How to

First of all, we need to generate our ssh key with one of the following commands, on the machine we will use to log into the remote server:

ssh-keygen -t rsa
or
ssh-keygen -t dsa

The previous command(s) will create one of the following pairs of files, depending on the type of key used:

  • id_rsa and id_rsa.pub
  • id_dsa and id_dsa.pub

The first file contains the private key, which will be kept in the local machine. The second file (the one with the “.pub” extension) contains the public key, which must be copied to the remote server, into ~/.ssh/authorized_keys for RSA keys and into ~/.ssh/authorized_keys2 for DSA keys.

Now, we need to make sure the remote server has the .ssh directory. To do so, we execute a command similar to the following, replacing user and remote-server with the remote account and host:

ssh user@remote-server mkdir -p ~/.ssh

Next, we need to copy the public key into the corresponding authorized keys file on the remote server. Notice the use of “>>” instead of “>” in the ssh command: it appends the public key to any public keys already in the file instead of overwriting the file contents:

cat ~/.ssh/id_rsa.pub | ssh user@remote-server 'cat >> ~/.ssh/authorized_keys'

And it is done. Now, any time we access the remote server as the user for which we have enabled ssh trust (through ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 on the remote server), ssh will use the private key stored on the local machine to negotiate access to the server, without the need to specify a password.

Explanations

Any time we try to access the remote server, ssh looks for a matching private and public key pair. A match grants access from the local machine to the remote server as the user whose authorization file holds the public key.

Additionally, for an extra layer of security, we should make sure the .ssh directory and the ~/.ssh/authorized_keys (or ~/.ssh/authorized_keys2) file have the appropriate permissions:

ssh user@remote-server "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
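
The three server-side steps above (create the directory, append the key, set the permissions) as one repeatable script that appends the key only when it is not already present and then checks the resulting modes. This is an added example, not part of the original recipe; the function names install_pubkey and ssh_perms_ok are hypothetical and the key line in the demo is constructed.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; run where authorized_keys lives.

# install_pubkey PUBKEY_FILE [SSH_DIR]: append one public key, once.
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # Only the .pub half belongs on the server; reject a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub holds a private key" >&2; return 3
    fi
    key=$(head -n 1 "$pub")
    case $key in
        ssh-*|ecdsa-*) ;;
        *) echo "refusing: $pub is not a public key line" >&2; return 3 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    # -x whole line, -F literal: append (>>) only when the key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 640 "$auth"
}

# ssh_perms_ok [SSH_DIR]: 0 if neither the directory nor authorized_keys
# is group- or world-writable (sshd's default StrictModes rejects those).
ssh_perms_ok() {
    dir=${1:-"$HOME/.ssh"}
    [ -d "$dir" ] && [ -f "$dir/authorized_keys" ] || return 2
    bad=$(find "$dir" "$dir/authorized_keys" -prune \
          \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] || { printf 'writable by others: %s\n' "$bad" >&2; return 1; }
}

# Demo on a scratch directory with a constructed, non-functional key line.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABconstructed user@local\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # second run adds nothing
echo "keys installed: $(grep -c . "$demo/.ssh/authorized_keys")"
ssh_perms_ok "$demo/.ssh" && echo "permissions ok"
rm -rf "$demo"
```

The demo only touches a scratch directory; against a real account the functions would run on the server side with the default ~/.ssh path.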