Mt Xia: Technical Consulting Group

Business Continuity / Disaster Recovery / High Availability
Data Center Automation / Audit Response / Audit Compliance

-
Current Location
-

css
  Downloads
    Security

-

digg Digg this page
del.icio.us Post to del.icio.us
Slashdot Slashdot it!


Business Web Site Hosting
$3.99 / month includes Tools,
Shopping Cart, Site Builder

www.siteox.com

FREE Domain Registration
included with Web Site Hosting
Tools, Social Networking, Blog

www.siteox.com

Remote login without requiring a password using ssh or scp

OR

Password free remote login using ssh or scp

This document describes the procedure to setup "ssh" to allow a user to login to a remote machine without requiring a password. This procedure assumes that "ssh" is installed and operational, and the user performing this procedure has an identical username on each machine involved in this process.


  • Generate the public/private keys
    As the user you want to be able to login without entering a password, generate the pubic/private keys using the "ssh-keygen" utility. For this first example, do not enter a passphrase. The next example will illustrate how to use the passphrase.
    $ ssh-keygen  -t  rsa
                
  • Copy the public key to the remote location
    Copy the public key, generated from the previous command, to the remote location using the "scp" utility (or the utility of your choice). The public key will exist in the home directory of the user under the subdirectory ".ssh" and will have the filename "id_rsa.pub". This file should be copied to the remote location to the ".ssh" subdirectory under the users home directory, and have the remote filename of "authorized_keys2". Before copying the file, set the permissions of the file to "644". In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.
    $ chmod  644  ~/.ssh/id_rsa.pub
    $ scp  ~/.ssh/id_rsa.pub  ${REMOTEMACHINE}:.ssh/authorized_keys2
                
  • Test the password-free login
    The password-free login setup is complete and can be tested using "ssh" or any other secure remote command. In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.
    $ ssh  ${REMOTEMACHINE}
                

  • This next example illustrates the use of the "passphrase" with the "ssh-keygen" utility. This technique requires the user to enter a "passphrase" when a command is executed initially, but then automatically performs authentication to remote machines. So once the initial passphrase is entered, the user can execute as many remote commands as they wish without entering a password.

  • Generate the public/private keys
    As the user you want to be able to login without entering a password, generate the pubic/private keys using the "ssh-keygen" utility. You will be asked to enter a "passphrase" and to verify that "passphrase". Enter a value you wish to use.
    $ ssh-keygen  -t  rsa
                
  • Copy the public key to the remote location
    Copy the public key, generated from the previous command, to the remote location using the "scp" utility (or the utility of your choice). The public key will exist in the home directory of the user under the subdirectory ".ssh" and will have the filename "id_rsa.pub". This file should be copied to the remote location to the ".ssh" subdirectory under the users home directory, and have the remote filename of "authorized_keys2". Before copying the file, set the permissions of the file to "644". In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.
    $ chmod  644  ~/.ssh/id_rsa.pub
    $ scp  ~/.ssh/id_rsa.pub  ${REMOTEMACHINE}:.ssh/authorized_keys2
                
  • Create an alias (optional)
    Create an alias that will execute a command under the control of the "ssh-agent". The command to be executed should be a command that will allow the user to execute other commands, such as a shell or X-Windows. The following example uses the Korn Shell.
    $ alias ssh-ksh="ssh-agent /usr/bin/ksh"
                
  • Execute a command under control of "ssh-agent"
    Execute a shell command or X-Windows under control of the ssh-agent. Then add your passphrase to the list of known identities using the "ssh-add" utility. You will be prompted to enter your "passphrase". The following example assumes you created the alias in the previous step.
    $ ssh-ksh
    $ ssh-add
      Enter passphrase? <enter your passphrase here>
                
  • Execute remote commands
    The password-free login setup is complete and can be tested using "ssh" or any other secure remote command. In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.
    $ ssh  ${REMOTEMACHINE}
                
  • -
    No Passwd Required
    -
     


    FREE Domain Registration
    included with Web Site Hosting
    Tools, Social Networking, Blog

    www.siteox.com

    Business Web Site Hosting
    $3.99 / month includes Tools,
    Shopping Cart, Site Builder

    www.siteox.com