Using openssh without a password

How to configure OpenSSH to use SSH keys for authentication instead of a password.

Server is running openssh

To enable logging in, without a password, on machine "remote" from machine "local",
in both cases as user "pete", using openssh:

  1. On the local machine:
    1. Ensure that you can connect to the remote machine and the other way around, with the help of your passwords.
      pete@local pete $ ssh remote
      pete@remote's password:
      pete@remote pete $ ssh local
      pete@local's password:
      pete@local pete $ exit
      pete@remote pete $ exit
      pete@local pete $
    2. Generate a private/public key pair in the ssh directory $HOME/.ssh This program asks for
      • The name of the file to save the key in. Just hit <enter>.
      • A passphrase. Just hit <enter>.

      ( Such a key pair needs to be created only once. Hence this step can be skipped if you want to connect to further remote hosts from this local machine.)
      pete@local pete $ cd .ssh
      pete@local .ssh $ ssh-keygen -t dsa
      Generating public/private dsa key pair.
      Enter file in which to save the key (/home/pete/.ssh/id_dsa):
      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:
      Your identification has been saved in /home/pete/.ssh/id_dsa.
      Your public key has been saved in /home/pete/.ssh/id_dsa.pub.
      The key fingerprint is:
      ... pete@here.your.domain

    3. Copy the public key to the remote machine. The target name (local.pub in the example) is not important (unless it overwrites something).
      pete@local .ssh $ scp id_dsa.pub remote:local.pub
      pete@remote's password:
      id_dsa.pub 100% |************************************************| 610
  2. On the remote machine: append the public key for pete@local to $HOME/.ssh/authorized_keys2.
    pete@local pete $ ssh remote
    pete@remote's password:
    pete@remote pete $ cat local.pub >>.ssh/authorized_keys2
    pete@remote pete $ rm local.pub
    pete@remote pete $ exit
    pete@local pete $
  3. Now you should be able to login from the local to the remote machine without being prompted for a password.
    pete@local pete $ ssh remote
    pete@remote pete $

Server is running another ssh implementation

Here we assume that local uses openssh while remote uses some other ssh implementation.

  1. Generate a public/private key pair on local as shown above.
  2. Convert /home/pete/.ssh/id_dsa.pub to the format expected by other ssh2 implementations.
    pete@local pete $ cd $HOME
    pete@local pete $ mkdir .ssh2 # if it doesn't exist yet
    pete@local pete $ ssh-keygen -e -f .ssh/id_dsa.pub > .ssh2/id_dsa.pub
  3. Copy the .ssh2 version to remote (first ensure that your home directory on remote has a .ssh2 subdirectory). Use a name (on remote) that reflects the local machine, e.g. local_id_dsa.pub in the example.
    pete@local pete $ ssh remote
    pete@remote's password:
    pete@remote pete $ mkdir .ssh2 # if it doesn't exist yet
    pete@remote pete $ exit
    pete@local pete $ scp .ssh2/id_dsa.pub remote:.ssh2/local_id_dsa.pub
    pete@remote's password:
    scp: warning: Executing scp1.
    local_id_dsa.pub 100% |***********************************************************| 725 00:00
  4. On remote: announce that .ssh2/local_id_dsa.pub is an authorized public key. Ssh uses a slightly different system than openssh: instead of appending the public key to authorized_keys2, you add a reference to .ssh2/local_id_dsa.pub in the file .ssh2/authorization.

    pete@local pete $ ssh remote
    pete@remote's password:
    pete@remote pete $ echo "Key local_id_dsa.pub" >> .ssh2/authorization
    pete@remote pete $ exit
    pete@local pete $
  5. Now you should be able to login from the local to the remote machine without being prompted for a password.
    pete@local pete $ ssh remote
    pete@remote pete $

Tags: 

Share

You might also be interested in...