In this document we’ll go through the process of configuring the SSH client to log in without a password using a private key. This can be a convenient, fast and potentially more secure way to access a remote system… Best of all, it’s actually very simple to achieve!
Step 1: Generate Your Key
Start by logging into your local system and generating your key pair using the command “/usr/bin/ssh-keygen”:
[user@server1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| E S |
| o . .. |
| o .===. |
| . ..X*B |
| XXYZ.o+oOoo |
We now have a generated private and public key pair; the keys are typically created as /home/user/.ssh/id_rsa and /home/user/.ssh/id_rsa.pub.
Warning: Beware that your private key is an extremely valuable file. It’s like storing your password in a file. If obtained, it could be used by another person to access your systems. Back it up and keep it safe!
Step 2: Share Your Key
To use your private key, you must share your public key with a remote server. Simply put, the remote server keeps a copy of your public key, which it uses to match against your private key when you attempt to log in.
There is a utility which automatically installs our public key onto a remote host: ssh-copy-id. Obviously it won’t work unless you already know the password of the account on the remote host.
[user@server1 ~]# ssh-copy-id -i /home/user/.ssh/id_rsa user@server2
…and that’s it. The ssh-copy-id program automatically copied our public key into the /home/user/.ssh/authorized_keys file on server2.
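The end state Step 2 leaves on server2, written out by hand as an added example (not code from the original article and not ssh-copy-id's own source): the public key is appended to authorized_keys only once, and the directory and file are restricted to the owner. The function names, the scratch directory and the key line are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original article. install_pubkey and perms_of
# are hypothetical helper names; the key line in the demo is constructed.

# Print the rwx permission string of a file or directory, e.g. "rwx------".
perms_of() {
    ls -ld "$1" | cut -c2-10
}

# install_pubkey <public-key-file> <home-dir>
# Append the key to <home-dir>/.ssh/authorized_keys unless it is already
# there, keeping the directory and file accessible to the owner only.
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    # Only the .pub half is ever shared; stop if handed the private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    key=$(head -n 1 "$pub")
    [ -n "$key" ] || return 1

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: append only when the key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory standing in for the home directory on server2.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY user@server1' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"   # second run adds nothing
echo ".ssh=$(perms_of "$demo/home/.ssh") keys=$(wc -l < "$demo/home/.ssh/authorized_keys")"
rm -rf "$demo"
```

With sshd's default StrictModes setting, key login is refused when these files are writable by other users, which is why the permissions are set explicitly here.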
Step 3: Login with no Password
Assuming you’ve followed the above steps, all you have to do now is log in to the system as per normal.
[user@server1 ~]# ssh user@server2
Last login: Mon Nov 12 23:45:44 2012 from 192.168.0.1
..boom and you’re in, no password entry required!
Note: this document assumes CentOS 6 for all example code and references. Syntax, file locations and codes may vary based on your distribution.
Andrew McDonald is an IT Systems Admin and all round technology junkie. Absolutely a jack-of-all-trades and not one to shy away from a challenge.