Wednesday, March 25, 2009

Using SSH, SCP & SFTP without passwords

SSH is a commonly used protocol that gives you secure connectivity and a wide spectrum of utilities and features.
For machines that you use a lot, it's often helpful to set them up so you don't have to type a password to log in. Here is a step-by-step procedure that shows how to do that:

In the example we will use two hosts: host1 (the local) and host2 (the remote).

1-log in to the local machine (I logged in as adams to host1)
2-type the following to generate an SSH key:

ssh-keygen -t dsa

Generating public/private dsa key pair.
Enter file in which to save the key (/adams/.ssh/id_dsa): /adams/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
5b:1f:98:44:5f:10:b2:69:d1:27:c1:4d:d9:24:de:db adams@host1

3-you must secure the permissions of your authentication keys by closing permissions to your $HOME directory, .ssh directory and authentication files:

chmod go-w $HOME
chmod 700 $HOME/.ssh
chmod go-rwx $HOME/.ssh/*

4-type the following to copy the key to the remote server (replace adams with your host2 username)

cd ~/.ssh
scp adams@host2:/tmp

you'll be prompted for a password (that's OK)
adams@hosts2's password: ******

5-type the following to add the ssh key to the remote user's authentication keys:

ssh adams@host2 'cat /tmp/ >> /home/adams/.ssh/authorized_keys2'

6-for the sshd daemon to accept the authorized_keys2 file, your $HOME dir and that file itself must have secure permissions (the remote commands are single-quoted so that $HOME expands on host2, not on host1):

ssh adams@host2 'chmod go-w $HOME $HOME/.ssh'
ssh adams@host2 'chmod 600 $HOME/.ssh/authorized_keys2'

finally, remove the key from the /tmp dir:

ssh adams@host2 rm -rf /tmp/

that's it - from now on you shouldn't be asked for a password every time you use ssh to host2.
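If key login still falls back to the password prompt, the permissions from steps 3 and 6 are the first thing to check. The script below is an added example, not part of the original post: it audits a home directory for the modes those chmod commands are meant to set. The function names and the throwaway demo directory are assumptions.

```sh
#!/bin/sh
# Added example: audit the modes that the chmod steps above are meant to set.
# Function names and the throwaway demo directory are assumptions.

GO_ANY="040 020 010 004 002 001"   # any group/other access bit
GO_WRITE="020 002"                 # group/other write bits only

# has_bit PATH BIT...: succeed if PATH has at least one of the octal bits set.
has_bit() {
    p=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bit" -print)" ] && return 0
    done
    return 1
}

# audit_ssh_perms HOME_DIR: print each offending path; return 1 if any was found.
audit_ssh_perms() {
    home=$1; bad=0
    # Steps 3 and 6: the home directory must not be group/other-writable.
    if has_bit "$home" $GO_WRITE; then
        echo "writable by group/other: $home"; bad=1
    fi
    # Step 3: .ssh (700) and every file in it (go-rwx) are closed to group/other.
    for f in "$home/.ssh" "$home"/.ssh/*; do
        [ -e "$f" ] || continue
        if has_bit "$f" $GO_ANY; then
            echo "accessible by group/other: $f"; bad=1
        fi
    done
    return "$bad"
}

# Constructed demo: loose modes first, then the page's chmod commands.
demo() {
    h=$(mktemp -d); mkdir "$h/.ssh"; : > "$h/.ssh/authorized_keys2"
    chmod 775 "$h"; chmod 755 "$h/.ssh"; chmod 644 "$h/.ssh/authorized_keys2"
    before=0; audit_ssh_perms "$h" || before=$?
    chmod go-w "$h"; chmod 700 "$h/.ssh"; chmod go-rwx "$h/.ssh"/*
    after=0; audit_ssh_perms "$h" || after=$?
    rm -rf "$h"
    echo "before=$before after=$after"
}
demo
```

Run `audit_ssh_perms "$HOME"` on host1 and again on host2; it prints nothing and returns 0 when the modes are tight enough.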
