SSH trust/passwordless login


To log in to a RemoteServer@SSH without the need to type your password


For those of us who have to administer (log into) several different remote servers, each requiring different credentials, having to type the passwords all the time may be boring.

This recipe may be a security risk, because the local machine will be granted access without the need to type in the password (anyone who gains access to the local machine will automatically be granted access to those remote servers as well!). In practical terms, though, it can be really handy in a daily routine, as it saves us from typing the passwords all the time.

How to

First of all, we need to generate our ssh key with one of the following statements, on the machine we will use to log into the remote server:

ssh-keygen -t rsa
ssh-keygen -t dsa

The previous statement(s) will create one of the following pairs of files, depending on the type of key used:

  • id_rsa and id_rsa.pub
  • id_dsa and id_dsa.pub

The first file contains the private key, which will be kept in the local machine. The second file (the one with the “.pub” extension) contains the public key, which must be copied to the remote server, into ~/.ssh/authorized_keys for RSA keys and into ~/.ssh/authorized_keys2 for DSA keys.

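Now, we need to make sure the remote server has the .ssh directory. To do so, we execute a statement similar to the following (user and remote-server are placeholders for the remote account and host; the quotes make ~ expand on the remote side rather than locally):

ssh user@remote-server 'mkdir -p ~/.ssh'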

Next, we need to copy the public key into the corresponding authorized keys file on the remote server. Notice the use of “>>” instead of “>” in the ssh command, which appends the public key to any public keys already in the file instead of overwriting the file contents:

cat ~/.ssh/id_rsa.pub | ssh user@remote-server 'cat >> ~/.ssh/authorized_keys'

And it is done. Now, anytime we try to access the remote server with the user for which we have enabled ssh trust (through ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 on the remote server), ssh will use the private key stored on the local machine to negotiate the access to the server, without the need to specify a password.

Anytime we try to access the remote server, the ssh protocol will look for the matching private and public key pair and should provide access from the local machine to the remote server for the user with which we have associated the ssh key in the authorization file.

Additionally, for an extra layer of security, we should make sure the ~/.ssh directory and the ~/.ssh/authorized_keys (or ~/.ssh/authorized_keys2) file have the appropriate permissions:

ssh user@remote-server "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
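
The three remote-side steps above (create the directory, append the key, set the permissions) can be combined into one repeatable routine. The following is an added example, not part of the original recipe: install_pubkey and ssh_perms_ok are illustrative function names, and the script is assumed to be sourced in the remote account's shell after the .pub file has been copied there.

```shell
#!/bin/sh
# Added example; install_pubkey and ssh_perms_ok are illustrative names.

# install_pubkey PUBKEY_FILE [SSH_DIR]: append the key once, with the modes used above.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    # A .pub file is exactly one line, "<type> <base64> [comment]". Anything else
    # (for instance the multi-line private key) is refused.
    if [ ! -r "$pub" ] || [ "$(grep -c '' "$pub")" -ne 1 ]; then
        echo "refusing $pub: not a single-line public key" >&2
        return 1
    fi
    key=$(cat "$pub")
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "refusing $pub: unknown key type" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 640 "$auth" || return 1
    # If the file lacks a trailing newline, a plain '>>' would glue the new key
    # onto the previous entry and corrupt both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x whole line, -F fixed string: base64 '+' and '/' are not treated as regex.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# ssh_perms_ok [SSH_DIR]: succeed only if neither the directory nor
# authorized_keys is writable by group or others (sshd's StrictModes rule).
ssh_perms_ok() {
    dir=${1:-$HOME/.ssh}
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || { echo "$p is missing" >&2; return 1; }
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            ?????w????|????????w?)
                echo "$p is group/world writable ($mode)" >&2; return 1 ;;
        esac
    done
}
```

Running install_pubkey twice with the same key leaves a single entry, and ssh_perms_ok returns non-zero when the directory or the file is writable by group or others.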
