09 Jan 2008 SSH Without a Password
Posted by Hans-Henry Jakobsen
The following steps can be used to ssh from one system to another without specifying a password.
Notes:
- The system from which the ssh session is started via the ssh command is the client.
- The system that the ssh session connects to is the server.
- These steps seem to work on systems running OpenSSH.
- The steps assume that a DSA key is being used. To use a RSA key substitute ‘rsa’ for ‘dsa’.
- The steps assume that you are using a Bourne-like shell (sh, ksh or bash)
- You should consider the security risks before implementing this feature
Steps:
- On the client run the following commands:
-
$ mkdir -p $HOME/.ssh
-
$ chmod 0700 $HOME/.ssh
-
$ ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ''
This should result in two files, $HOME/.ssh/id_rsa (private key) and $HOME/.ssh/id_rsa.pub (public key).
- Copy $HOME/.ssh/id_rsa.pub to the server.
- On the server run the following commands:
-
$ cat id_rsa.pub >> $HOME/.ssh/authorized_keys2
-
$ chmod 0600 $HOME/.ssh/authorized_keys2
- On the client test the results by ssh’ing to the server:
-
$ ssh -i $HOME/.ssh/id_rsa server
- (Optional) Add the following $HOME/.ssh/config on the client:
Host server IdentityFile ~/.ssh/id_rsa
Depending on the version of OpenSSH the following commands may also be required:
$ cat id_rsa.pub >> $HOME/.ssh/authorized_keys $ chmod 0600 $HOME/.ssh/authorized_keys
An alternative is to create a link from authorized_keys2 to authorized_keys:
$ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys
This allows ssh access to the server without having to specify the path to the id_rsa file as an argument to ssh each time.
Tags: ssh
Reader's Comments
Is it possible to eloborate further on steps 12, 13 and 14….I am confused about it.
Hi, I have fixed a typo in this post.
Thanks for the tip
I think there’s typo here. It’s not ‘id_dsa’ instead it’s ‘id_rsa’ in several places.
Yes, you are right.
I have fixed the typos, thanks :)