HOWTO: Passwordless ssh logins

openssh.png Having the ability to do passwordless ssh logins helps in so many ways when automating tasks via scripts in Unix/Linux/BSD. Thankfully the great OpenSSH can take care of that for you, allowing you to do ssh, scp, sftp from and to multiple hosts. I always have to look up how to do it, so this time I found a good, consise way, and am setting it here for reference. For more detailed instructions check out the page this is taken from, otherwise fire up yr term and do it, “…for great justice!”

UPDATE2: Recently, while building a proof of concept computer cluster, I came across a much simpler way to do this.  If you have ssh-keygen and ssh-copy-id installed, it’s a two step process.

First, create a password-less ssh rsa key:
ssh-keygen -b 2048 -f ~/.ssh/id_rsa -P ''

Second, copy the key to your remote host:
ssh-copy-id [email protected]

Note, if you’re using a different port, or want to call out any other ssh features, put it in single quotes like this:
ssh-copy-id '-p 2222 [email protected]'

And that’s it, easy cheesy. Might as well test it to make sure it worked:
ssh [email protected]

It should drop you to a prompt on the remote box without asking for a password.

UPDATE: Apparently this has changed slightly, instead of writing to autorized_keys, you should use authorized_keys2 so any updates to the core OpenSSH won’t mess up your ‘local’ keyfile (verus the system one).  Here are the correct (and more complete) directions:

ssh-keygen -t rsa (Enter)
You shouldn’t have a key stored there yet, but if you do it will prompt you now; make sure you overwrite it.

Enter passphrase (empty for no passphrase): (Enter)
Enter same passphrase again: (Enter)

We’re not using passphrases so logins can be automated, this should only be done for scripts or applications that need this functionality, it’s not for logging into servers lazily!

Now, replace REMOTE_SERVER with the hostname or IP that you’re going to call when you SSH to it, and copy the key over to the server:
cat ~/.ssh/id_rsa.pub | ssh REMOTE_SERVER 'cat - >> ~/.ssh/authorized_keys2'

Set the permissions to a sane level:
ssh REMOTE_SERVER 'chmod 700 .ssh'

Lastly, give it a go to see if it worked:
ssh REMOTE_SERVER

ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub | ssh REMOTE_SERVER 'cat - >> ~/.ssh/authorized_keys'
ssh REMOTE_SERVER 'chmod 700 .ssh'
ssh REMOTE_SERVER




Posted on August 10, 2006 by . This entry was posted in geek, howto, linux and tagged , . Bookmark the permalink.
Read previous post:
Dale Chihuly expose

Since first studying his work in art classes during college, I knew that Dale Chihuly produced things differently than the [...]

Close