Contact Us | Products/Services | Korn Shell | MicroEMACS


AIXtm mtXIA Technical Consulting Group

 


No Passwd Required


Path : Home : Tools : Security


Current:No Passwd Required
Previous:Security
Home Page

Remote login without requiring a password using ssh or scp

OR

Password free remote login using ssh or scp

This document describes the procedure to setup "ssh" to allow a user to login to a remote machine without requiring a password. This procedure assumes that "ssh" is installed and operational, and the user performing this procedure has an identical username on each machine involved in this process.


  • Generate the public/private keys
    As the user you want to be able to login without entering a password, generate the pubic/private keys using the "ssh-keygen" utility. For this first example, do not enter a passphrase. The next example will illustrate how to use the passphrase.
    $ ssh-keygen  -t  rsa
                
  • Copy the public key to the remote location
    Copy the public key, generated from the previous command, to the remote location using the "scp" utility (or the utility of your choice). The public key will exist in the home directory of the user under the subdirectory ".ssh" and will have the filename "id_rsa.pub". This file should be copied to the remote location to the ".ssh" subdirectory under the users home directory, and have the remote filename of "authorized_keys2". Before copying the file, set the permissions of the file to "644". In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.
    $ chmod  644  ~/.ssh/id_rsa.pub
    $ scp  ~/.ssh/id_rsa.pub  ${REMOTEMACHINE}:.ssh/authorized_keys2
                
  • Test the password-free login
    The password-free login setup is complete and can be tested using "ssh" or any other secure remote command. In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.
    $ ssh  ${REMOTEMACHINE}
                

  • This next example illustrates the use of the "passphrase" with the "ssh-keygen" utility. This technique requires the user to enter a "passphrase" when a command is executed initially, but then automatically performs authentication to remote machines. So once the initial passphrase is entered, the user can execute as many remote commands as they wish without entering a password.

  • Generate the public/private keys
    As the user you want to be able to login without entering a password, generate the pubic/private keys using the "ssh-keygen" utility. You will be asked to enter a "passphrase" and to verify that "passphrase". Enter a value you wish to use.
    $ ssh-keygen  -t  rsa
                
  • Copy the public key to the remote location
    Copy the public key, generated from the previous command, to the remote location using the "scp" utility (or the utility of your choice). The public key will exist in the home directory of the user under the subdirectory ".ssh" and will have the filename "id_rsa.pub". This file should be copied to the remote location to the ".ssh" subdirectory under the users home directory, and have the remote filename of "authorized_keys2". Before copying the file, set the permissions of the file to "644". In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.
    $ chmod  644  ~/.ssh/id_rsa.pub
    $ scp  ~/.ssh/id_rsa.pub  ${REMOTEMACHINE}:.ssh/authorized_keys2
                
  • Create an alias (optional)
    Create an alias that will execute a command under the control of the "ssh-agent". The command to be executed should be a command that will allow the user to execute other commands, such as a shell or X-Windows. The following example uses the Korn Shell.
    $ alias ssh-ksh="ssh-agent /usr/bin/ksh"
                
  • Execute a command under control of "ssh-agent"
    Execute a shell command or X-Windows under control of the ssh-agent. Then add your passphrase to the list of known identities using the "ssh-add" utility. You will be prompted to enter your "passphrase". The following example assumes you created the alias in the previous step.
    $ ssh-ksh
    $ ssh-add
      Enter passphrase? <enter your passphrase here>
                
  • Execute remote commands
    The password-free login setup is complete and can be tested using "ssh" or any other secure remote command. In the following command the variable "${REMOTEMACHINE}" represents the IP name of the remote machine.
    $ ssh  ${REMOTEMACHINE}
                
  •  

    For information regarding this page, contact Dana French ( dfrench@mtxia.com )
    Copyright 2008 by Mt Xia Inc, All Rights Reserved