Wednesday, October 5, 2011

SSH access with no password

The following steps can be used to ssh from one system to another without specifying a password.

Notes:

The system from which the ssh session is started via the ssh command is the client.
The system that the ssh session connects to is the server.
These steps seem to work on systems running OpenSSH.
The steps assume that a DSA key is being used. To use a RSA key substitute 'rsa' for 'dsa'.
The steps assume that you are using a Bourne-like shell (sh, ksh or bash)
Some of this information came from:
http://www.der-keiler.de/Mailing-Lists/securityfocus/Secure_Shell/2002-12/0083.html


Steps:

On the client run the following commands:

$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''
This should result in two files, $HOME/.ssh/id_dsa (private key) and $HOME/.ssh/id_dsa.pub (public key).
Copy $HOME/.ssh/id_dsa.pub to the server.

On the server run the following commands:

$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2
$ chmod 0600 $HOME/.ssh/authorized_keys2
Depending on the version of OpenSSH the following commands may also be required:
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys
$ chmod 0600 $HOME/.ssh/authorized_keys
An alternative is to create a link from authorized_keys2 to authorized_keys:
$ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys


On the client test the results by ssh'ing to the server:

$ ssh -i $HOME/.ssh/id_dsa server
(Optional) Add the following $HOME/.ssh/config on the client:

Host server
IdentityFile ~/.ssh/id_dsa
This allows ssh access to the server without having to specify the path to the id_dsa file as an argument to ssh each time.

No comments:

Post a Comment