How to SSH to your remote server without entering a password every time

by Sukrit Dhandhania on December 17, 2008


I need to remotely SSH into my Linux servers quite often, and it’s a pain to have to remember so many passwords and type them every time I want to log in. I recently discovered a neat way to be able to SSH into my servers without typing in a password. OpenSSH also allows you to execute commands remotely, and not having to enter a password while doing so means that I can run some automated tasks remotely. Again, this can be very helpful. For any cynics out there this method is quite secure. In fact, in my opinion it is probably more secure than entering a password. Let’s get started with setting up a password-less connection to a remote server. Note that this process will only work on a Linux or UNIX machine. The process itself is pretty straightforward.

The first step is to create a key pair that will be used to authenticate securely to the server. Launch a shell terminal on your Linux desktop and run the following command:

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/calvin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/calvin/.ssh/id_rsa.
Your public key has been saved in /home/calvin/.ssh/id_rsa.pub.

This step generates the public key and stores it into the file /home/calvin/.ssh/id_rsa.pub. When asked which file you want the key to be written to, just hit Enter to pick the suggested option. Similarly, when prompted for a passphrase just hit the Enter key twice. This file is stored in your home directory, in the .ssh folder which holds all the SSH server’s configuration files. So, next, you need to copy this file to the server to which you want to be able to SSH without a password.

# scp ~/.ssh/id_rsa.pub username@remoteserver.com:/home/username/

Replace both instances of username in the above command with the username you use to log on to your remote server, and remoteserver.com with the host name or IP address of the remote server. Now SSH into that server and add your desktop’s public key to the server’s SSH configuration:

# ssh username@remoteserver.com
# cat ~/id_rsa.pub >> ~/.ssh/authorized_keys2

Next, you need to set the permission of the file ~/.ssh/authorized_keys2 correctly:

# chmod 644 ~/.ssh/authorized_keys2

This is not always required, but I’ve been stuck with problems caused by permission issues many times; besides, it does not hurt to set the permissions right. You’re done now. Exit the SSH connection to your remote server and ssh in again. You should now not be prompted for a password.
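
The copy, append and chmod steps above as one idempotent script that can be re-run safely. This is an example added here, not the author's code: the function names valid_pubkey, install_pubkey and modes_ok are its own, and it sets the stricter modes 700/600 instead of 644.

```sh
#!/bin/sh
# Added example: append a public key once and keep sshd-friendly permissions.
# Function names and the 700/600 modes are choices of this example.

# valid_pubkey FILE: succeed only if FILE is exactly one OpenSSH public-key line.
valid_pubkey() {
    [ -f "$1" ] || return 1
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    # Field 1 must be a key type and field 2 base64 only, so a private key or a
    # line that starts with options (command=..., from=...) is rejected.
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$1"
}

# install_pubkey PUBFILE SSHDIR [AUTHFILE]: AUTHFILE defaults to the
# authorized_keys2 name used in the article.
install_pubkey() {
    pub=$1 dir=$2 auth=$2/${3:-authorized_keys2}
    valid_pubkey "$pub" || { echo "not a single public key: $pub" >&2; return 1; }
    # Create directory and file with no group/other access from the start.
    (umask 077; mkdir -p "$dir"; touch "$auth") || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only if the key is not there yet.
    grep -qxF -f "$pub" "$auth" || printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# modes_ok SSHDIR [AUTHFILE]: fail if either path is group- or world-writable,
# the condition under which sshd with StrictModes refuses the key file.
# (sshd also checks the home directory itself; this example checks two paths.)
modes_ok() {
    for p in "$1" "$1/${2:-authorized_keys2}"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        case $(ls -ld "$p" | cut -c1-10) in
            ?????w*|????????w*) echo "too permissive: $p" >&2; return 1 ;;
        esac
    done
}

# On the server, after the scp step:
#   install_pubkey ~/id_rsa.pub ~/.ssh && modes_ok ~/.ssh
```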

Now you can do lots of cool things on your remote server. For example, run the command:

# ssh username@remoteserver.com "uptime; df -h"

The command should give you the desired output from your remote server directly on your local shell, without prompting you for your password. You can also copy files to or from your remote server without worrying about having to enter a password. This means you can do things like download your daily backup from your remote server to your local desktop every day using a simple shell script. This is quite a powerful tool. Use it with caution.

  • http://www.sysadminsjourney.com Justin Ellison

    For any cynics out there this method is quite secure. In fact, in my opinion it is probably more secure than entering a password.

    Umm… I completely disagree. There are cases where using a blank passphrase on a key is convenient, and even sometimes where it’s necessary, but it’s not as secure as using a passphrase.

    If I successfully compromise your workstation, if you don’t secure your private key with a passphrase, it’s really game-over. Not only will I have control of your workstation, but I will have free rein on all the remote boxes that you’ve set up key-based authentication to. If you secure the private key with a passphrase, I will only have control of your workstation.

    It’s not something that’s inherently insecure, but it’s something that readers should be made aware of.

    Justin

  • http://blog.myhnet.cn myhnet

    Hmmm, now we just use a command called “ssh-copy-id” to copy the public key to remote servers, you need to use cat, scp, it makes everything much easier now.

    see my website:
    http://blog.myhnet.cn/2008/12/30/how-to-ssh-to-your-remote-server-without-entering-a-password-every-time

  • http://standalone-sysadmin.blogspot.com Matt Simmons

    @Justin & Sukrit

    Your best bet is to use a key-agent to manage your pass phrases. I wrote about methods of allowing the agent to run in the background of servers on my blog a while back:

    http://standalone-sysadmin.blogspot.com/2008/11/host-to-host-security-with-ssh-keys.html

  • http://www.kshells.net KanKouni

    Thank you very much.

    Your example helped me to learn how to make a secure ssh key with ssh-keygen.

    thanks

  • http://www.mardal.ma Markus

    thanks for the article, helped me out to set up auto-backup routines!

  • Truong Phan

    Thank you very much for your article, this really saved me a lot of time and memory
