|
Remote login without requiring a password using ssh or scp
OR
Password free remote login using ssh or scp
This document describes the procedure to setup "ssh"
to allow a user to login to a remote machine without
requiring a password. This procedure assumes that "ssh"
is installed and operational, and the user performing
this procedure has an identical username on each machine
involved in this process.
- Generate the public/private keys
-
As the user you want to be able to login without
entering a password, generate the pubic/private keys
using the "ssh-keygen" utility. For this first example,
do not enter a passphrase. The next example will
illustrate how to use the passphrase.
$ ssh-keygen -t rsa
- Copy the public key to the remote location
-
Copy the public key, generated from the previous
command, to the remote location using the "scp" utility
(or the utility of your choice). The public key will
exist in the home directory of the user under the
subdirectory ".ssh" and will have the filename
"id_rsa.pub". This file should be copied to the remote
location to the ".ssh" subdirectory under the users home
directory, and have the remote filename of
"authorized_keys2". Before copying the file, set the
permissions of the file to "644". In the following
command the variable "${REMOTEMACHINE}" represents the
IP name of the remote machine.
$ chmod 644 ~/.ssh/id_rsa.pub
$ scp ~/.ssh/id_rsa.pub ${REMOTEMACHINE}:.ssh/authorized_keys2
- Test the password-free login
-
The password-free login setup is complete and can be
tested using "ssh" or any other secure remote command.
In the following command the variable "${REMOTEMACHINE}"
represents the IP name of the remote machine.
$ ssh ${REMOTEMACHINE}
This next example illustrates the use of the
"passphrase" with the "ssh-keygen" utility. This
technique requires the user to enter a "passphrase" when
a command is executed initially, but then automatically
performs authentication to remote machines. So once the
initial passphrase is entered, the user can execute as
many remote commands as they wish without entering a
password.
- Generate the public/private keys
-
As the user you want to be able to login without
entering a password, generate the pubic/private keys
using the "ssh-keygen" utility. You will be asked to
enter a "passphrase" and to verify that "passphrase".
Enter a value you wish to use.
$ ssh-keygen -t rsa
- Copy the public key to the remote location
-
Copy the public key, generated from the previous
command, to the remote location using the "scp" utility
(or the utility of your choice). The public key will
exist in the home directory of the user under the
subdirectory ".ssh" and will have the filename
"id_rsa.pub". This file should be copied to the remote
location to the ".ssh" subdirectory under the users home
directory, and have the remote filename of
"authorized_keys2". Before copying the file, set the
permissions of the file to "644". In the following
command the variable "${REMOTEMACHINE}" represents the
IP name of the remote machine.
$ chmod 644 ~/.ssh/id_rsa.pub
$ scp ~/.ssh/id_rsa.pub ${REMOTEMACHINE}:.ssh/authorized_keys2
- Create an alias (optional)
-
Create an alias that will execute a command under the
control of the "ssh-agent". The command to be executed
should be a command that will allow the user to execute
other commands, such as a shell or X-Windows. The
following example uses the Korn Shell.
$ alias ssh-ksh="ssh-agent /usr/bin/ksh"
- Execute a command under control of "ssh-agent"
-
Execute a shell command or X-Windows under control of the ssh-agent.
Then add your passphrase to the list of known identities using the
"ssh-add" utility. You will be prompted to enter your "passphrase".
The following example assumes you created the alias in the previous
step.
$ ssh-ksh
$ ssh-add
Enter passphrase? <enter your passphrase here>
- Execute remote commands
-
The password-free login setup is complete and can be
tested using "ssh" or any other secure remote command.
In the following command the variable "${REMOTEMACHINE}"
represents the IP name of the remote machine.
$ ssh ${REMOTEMACHINE}
|
|
|