HOWTO_SSH_without_a_password
The following instructions describe how to set up your SSH server to accept password-free logins.
To use passwordless logins without compromising security, follow the Ssh-agent guide or the section on ssh-agent below.
Client setup
There are two versions of the SSH protocol, version 1 and version 2, and identities are tied to the protocol version. Most SSH servers use version 2 of the protocol due to the limitations of version 1.
List of protocols and their identity types:
| Protocol | Type | Commandline |
|---|---|---|
| Version 1 | RSA1 | -t rsa1 |
| Version 2 | RSA | -t rsa |
| Version 2 | DSA | -t dsa |
After determining which identity type you want, it is time to create your private and public SSH keys (this article uses a DSA key). On the client machine type:
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/gerard/.ssh/id_dsa):
The default location is fine, so just press <enter>
Enter passphrase (empty for no passphrase):
Enter a passphrase or press <enter> again for an empty passphrase.
Follow the Ssh-agent guide to use passwordless logins without compromising security.
Enter same passphrase again:
Press <enter> again
key fingerprint is: 6f:c5:86:c7:67:69:02:1a:e4:a9:20:e6:16:13:5d:e5 username@host
That process created two files in ~/.ssh:
File: Contents of ~/.ssh
-rw------- 1 bob users 668 Jun 17 23:52 id_dsa
-rw-r--r-- 1 bob users 602 Jun 17 23:52 id_dsa.pub
Server setup
The file named id_dsa.pub is your public key, which you should copy to the server (here referred to as remotebox). Its contents should be appended to the file ~/.ssh/authorized_keys on the server.
Copy and install the id_dsa.pub file to the remote system:
$ ssh-copy-id -i ~/.ssh/id_dsa.pub username@remotebox
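The append step described under Server setup, written out by hand. This is an added example, not part of the original HOWTO or of ssh-copy-id itself; the function name install_pubkey, its SSH_DIR parameter and the sample key line are assumptions made so it can be tried on a scratch directory.

```shell
#!/bin/sh
# Added example: append a public key to an authorized_keys file the way the
# Server setup step requires. SSH_DIR is a parameter so it can be tried locally.

# install_pubkey PUBKEY_FILE SSH_DIR  -> prints "added" or "already present"
install_pubkey() (
    pub=$1 dir=$2 auth=$2/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Take the first non-blank line; a .pub file holds exactly one key line.
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub")
    case $key in
        ''|*'PRIVATE KEY'*)
            # id_dsa (without .pub) must never leave the client.
            echo "refusing: $pub is not a public key file" >&2; return 2 ;;
    esac

    umask 077                      # subshell body: caller's umask is untouched
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F literal: append only when the key is not there yet.
    if grep -qxF -e "$key" "$auth"; then
        echo "already present"
        return 0
    fi
    # Terminate an unterminated last line so two keys never merge into one.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "added"
)

# Demo on a scratch directory with a constructed (non-functional) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBEXAMPLEONLY gerard@client' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"    # first run appends
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"    # second run changes nothing
ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On the server, SSH_DIR would be ~/.ssh of the account you log in to.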
Client & Server Setup (Alternative with ssh-installkeys)
This part describes how to use the ssh-installkeys tool. It will do the steps explained above automatically. First install ssh-installkeys:
$ echo "net-misc/ssh-installkeys" >> /etc/portage/package.keywords
$ emerge -av net-misc/ssh-installkeys
And run it:
$ ssh-installkeys username@remotebox
ssh-installkeys will do all the tasks needed to set up the local key files and the remote login, which includes:
- creating a keypair on the local system (if there is none)
- logging into the remote system (the password is needed)
- adding the public key to the remote system's ~/.ssh/authorized_keys
- checking and adjusting the security settings of the local and remote ssh files.
Alternative to keychains: Using ssh-agent
Note: See the Ssh-agent guide for more on this topic.
Using ssh-agent, your computer will store your private keys in memory for the duration of your session, or for a fixed time (if desired; see man ssh-add). It is intended for users who protect their keys with a passphrase, and allows the passphrase to be entered only once: when the key is added to the agent. This setup is infinitely more secure than making a key with an empty passphrase (assuming you don't leave the session open for someone else to use, of course). To use ssh-agent, you commonly invoke it in one of two ways:
1. You can tell ssh-agent to create a child process (such as an X or Konsole session), and it will terminate automatically when the child process exits:
For example, in your .xinitrc:
File: ~/.xinitrc
exec /usr/bin/ssh-agent startkde
...or as an alias to konsole (or put this in the application line of the icon):
File: ~/.bashrc
alias konsole="/usr/bin/ssh-agent /usr/kde/x.x/bin/konsole"
Gnome users are already running their session through ssh-agent if they use GDM.
2. You can invoke ssh-agent manually at the prompt:
$ eval `ssh-agent`
Once you have started ssh-agent or verified that it is running, add your keys with ssh-add:
$ ssh-add
Enter passphrase for /home/<you>/.ssh/id_rsa:
Identity added: /home/<you>/.ssh/id_rsa (/home/<you>/.ssh/id_rsa)
Without arguments, ssh-add adds some default keys (if they exist): ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/identity. If you have additional keys with other names, specify the files on the command line:
$ ssh-add ~/.ssh/gentoo_id_dsa
If you want ssh-agent to discard your key from memory after a time, specify the key's lifetime with the -t option:
$ ssh-add -t 2h ~/.ssh/sourceforge_id_rsa
See man sshd_config for time formats.
That's it. ssh-agent will supply your private keys to your SSH client processes whenever they are needed to authenticate with a server, without prompting for your passphrase each time. This is especially useful for scripting using SSH and running commands on multiple hosts.
Testing
$ ssh -l username remotebox
Last login: Thu Jun 17 23:55:36 2004 from 192.168.34.2
$
If the system did not ask you for a password, everything is working properly. If it did not work, check your sshd_config file. The following options should be set:
File: /etc/ssh/sshd_config
# Allow Identity Auth for SSH1?
RSAAuthentication yes
# Allow Identity Auth for SSH2?
PubkeyAuthentication yes
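A way to check what the server will actually use when key login fails, as an added example that is not part of the original HOWTO. The function names sshd_effective and diagnose_pubkey and the sample file are assumptions; the parser reads only the global section, expects whitespace-separated "Keyword value" lines and does not follow Include directives.

```shell
#!/bin/sh
# Added example: report the values sshd will actually use for key logins.

# sshd_effective FILE KEYWORD DEFAULT
# Global section only: keywords are case-insensitive, the first value wins,
# and parsing stops at the first Match block.
sshd_effective() {
    awk -v want="$2" -v val="$3" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/    { next }
        tolower($1) == "match"  { exit }
        tolower($1) == want     { $1 = ""; sub(/^ +/, ""); val = $0; exit }
        END { print val }
    ' "$1"
}

# diagnose_pubkey FILE -> returns 0 when keys in ~/.ssh/authorized_keys are honoured
diagnose_pubkey() {
    pk=$(sshd_effective "$1" PubkeyAuthentication yes)
    akf=$(sshd_effective "$1" AuthorizedKeysFile \
          ".ssh/authorized_keys .ssh/authorized_keys2")
    rc=0
    if [ "$pk" != yes ]; then
        echo "PubkeyAuthentication is '$pk': key logins are refused"; rc=1
    fi
    case " $akf " in
        *" .ssh/authorized_keys "*|*" %h/.ssh/authorized_keys "*) ;;
        *) echo "AuthorizedKeysFile is '$akf': ~/.ssh/authorized_keys is not read"
           rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "key login enabled via ~/.ssh/authorized_keys"
    return "$rc"
}

# Constructed sample: a "yes" appended after an earlier "no" has no effect.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# constructed sshd_config fragment
PubkeyAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
EOF
diagnose_pubkey "$cfg"
rm -f "$cfg"
```

Point diagnose_pubkey at a copy of /etc/ssh/sshd_config from the server that rejected the key.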
Now repeat the server part for every server you want to be able to log in to without specifying the password.
You can add the following line to your ~/.bashrc to have root access to your box without having to give your root password.
File: ~/.bashrc
alias root="ssh -l root 127.0.0.1"
Be careful with this, because anyone with access to your box will be able to issue this command!
