SSH Tips – How to Login Securely Without a Password

old fashioned keys SSH is a wonderful tool and will let do do all kinds of amazing things – not to mention that it does them securely. However sometimes when you’re trying to automate steps, or are performing the same steps repeatedly on a trusted machine, the frequent retyping of your username can be a pain. Worse still, if you’re writing a script, you certainly don’t want to hardcode passwords into it for others to grab. In this case, what you can do is use ssh keys to secure your connection.

How to do this differs depending on the operating system of the source machine, IE the machine you are SSHing from. Suppose you have two machines, the local one (your laptop) and the remote one (some server, eg my.server.com) To ssh from the laptop to the server without needing a password, perform these steps:

Linux

On the local machine:
% ssh-keygen -t rsa
Either put in a passphrase or just hit return twice to skip. Note that using a passphrase makes it more secure, but makes automation tricky.

This produces a file called id_rsa.pub in a subfolder called .ssh underneath your some directory. Now you need to transfer that file to the remote server. Note that you’ll need your password to perform this step, and to avoid troubles we’ll rename the file during transfer.

% scp ~/.ssh/id_rsa.pub USERNAME@my.server.com:id_rsa.pub.mylaptop

Now we need to add the id_rsa.pub keys to the proper file on the remote machine (my.server.com). Note that if you don’t already have a .ssh folder on the server, you can just create it, or better yet, run the ssh-keygen command there, as above.

% ssh USERNAME@my.server.com
% cd .ssh
% cat ~/id_rsa.pub.mylaptop >>; ~/.ssh/authorized_keys
% rm ~/id_rsa.pub.mylaptop

Make sure .ssh dir and all it’s files don’t have any open group or other permissions, or this won’t work.

% cd ~/.
% chmod -R go-rwx .ssh

Here’s an example of what the authorized key file will look like. Note that there will be one line (word-wrapped) per each user/machine that has exchanged keys in this manner.

%cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAyJnwH/k4/FdY88p2utHHDc5VSJqL97n/nsK1PkW9q9KWddMIu8u+Golyg4RW10nIGs3A4EYYPn9Gu7dJy+vhO2xRJM4A+EEF/9nYYy/ZLXBlh4V3zMRYLom6TZx9OSTA6L0z9HKdopgJ/HnQ+yEFzS29TBjCs/9Dy4+iS0uVhWs= root@krysia.afraid.org

Windows

Use your favorite ssh tool and check it’s documentation. For now I’ve used puttygen, it should be where you installed putty, probably something like c:\bin. It is a graphical program for managing keys on windows with putty.

Select “SSH2 (RSA)” as the type of key (at the bottom of the screen)

Select “generate” and follow the instructions. It wants you to move your mouse around in a block for awhile to generate randomness. Then it makes a key.

Select “save private key” and either give it a passphrase, or ignore it when it tells you to think about using a passphrase. you can save your private key to disk somewhere. Note that using a passphrase makes it more secure, but makes automation tricky.

Select “save public key” and save it to disk somewhere.

In the normal putty window select load to pull in the profile you want to add the key to. Go to Connection and put the ID in the “auto-login username” box. IE your unix login name.

In the SSH Auth section select the browse button to go to where you stored the private key file, and select it. THen go to the “session” category and select save.

Now you need to take the public key stuff and add it to your ~/.ssh/authorized_keys file on the ssh server machine. If you’re using putty you have pscp that you can use. It’s in the same dir where you put your putty executable.

c:\> cd dir_with_public_key_file
c:\> pscp putty_public_key_file USERNAME@my.server.com:id_rsa.pub.mylaptop

Now connect to the remote system using ssh so you can add your public key to their authorized keys file, IE use ssh or putty. After you’re connected, edit the file you put there, id_rsa.pub or whatever you called it.

Remove the first line of the file that says “BEGIN SSH2 PUBLIC KEY”

Remove the last line of the file that says “END SSH2 PUBLIC KEY”

Remove the line that says “Comment: ”

At the beginning of the first line insert “ssh-rsa ”

At the end of the last line after the =, put something that says what the key is for future reference. IE your user/machine name, like this, instead of “=” put “= user@machine.company.com”

Now there are probably 4 lines in this file, and they all need to be joined into one line. Plus if joining creates spaces they will need to be removed.

Now you can append this to the ~/.ssh/authorized_keys file:

% cat ~/id_rsa.pub.mylaptop >> ~/.ssh/authorized_keys
% rm ~/id_rsa.pub.mylaptop

As an extra bonus, if you’re trying to use the pscp command line in windows (it’s the windows equivalent for scp in unix) then here’s how to do it.

Make sure you’ve done the public key transfer, as above. Then when you call pscp, just pass the “-load” option with the name of the “profile” that you’re using.

Hopefully this helps – I find it very useful. If there are other operating systems, or other tips you’d like to know, just ask.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.