Password-less ssh

As the title said I am going to show you that how you can use the built-in mechanism to avoid typing your password at the terminal when connecting through ssh(secure shell) to the remote computer.

I am assuming both the computers(or as many we want to connect) has the required software to play with.I mean that both the boxes has openssh installed and well configured.So first thing first,we need to generate the keys.One is private(which should not be shared) and the public key(which should be shared).

Here is how it can be done…


bhaskar@bhaskar-laptop_08:58:56_Sat Oct 30:~> sudo /usr/bin/ssh-keygen -t rsa

It will ask you for the passphrase(password with space separated words).Once you have done that it will store the public key and private key in the specific users .ssh directory.And the public key file is ended with .pub extension.

Now try to figure out wether ssh-agent is running or not? Now a bit of explanation about it like this:ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program. Through use of environment variables the agent can be located and automatically used for authentication when logging in to other machines using ssh(1).

So how to detect it? Here is the way to do it :

bhaskar@bhaskar-laptop_09:07:26_Sat Oct 30:~> sudo echo $SSH_AGENT_PID
Password:
3482

So it’s running! If it is not running then start a new one like this :

bhaskar@bhaskar-laptop_09:07:51_Sat Oct 30:~> sudo eval $(ssh_agent)

Now tell it the key by running ssh-add .What does ssh-add do?? Here is explanation from the man page itself: ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. After loading a private key, ssh-add will try to load corresponding certificate information from the filename obtained by appending -cert.pub to the name of the private key file. Alternative file names can be given on the command line.Right?

Now run :


bhaskar@bhaskar-laptop_09:13:11_Sat Oct 30:~> sudo ssh-add

and enter your passphrase. You’ll need to do this each time you log in; if you’re using X, try adding


SSH_ASKPASS=ssh-askpass ssh-add

to your .xsession file. (You may need to install ssh-askpass.) Now for each server you log into, create the directory ~/.ssh and copy the file ~/.ssh/id_rsa.pub into it as ~/.ssh/authorized_keys . If you started the ssh-agent by hand, kill it with

bhaskar@bhaskar-laptop_09:15:19_Sat Oct 30:~> sudo ssh-agent -k

when you log out.

Hope this will help.

Cheers!
Bhaskar

About unixbhaskar
GNU/Linux Consultant

One Response to Password-less ssh

  1. Pingback: Links 31/10/2010: Motorola Wins With Linux, Acer to Put Linux on Tablet (Out in November) | Techrights

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: