Password Free Logins Over ssh (Part 1)

Are you sick of typing in passwords when sshing into systems or when transferring files with scp or sftp? Well, the good news is that there is an easier and safer way to do this with ssh keys.

Essentially you create a private key and a public key. You place the public key on the remote systems you log into and “unlock” them with your private key. The beauty is that you can have this happen in the background.

Create Your SSH Keys

First you need to set up some ssh keys. We are going to generate 1280 bit DSA key pairs, which should be reasonably secure for the next few years. This is easy to do; just type:

  
  ssh-keygen -t dsa -b 1280 


You will be prompted to “Enter the file into which you want to save the key.” The default should be fine, so just hit enter.

Next you will be prompted for a passphrase. You have a decision to make here. If you enter a passphrase, you will need to type it every time you want to use your private key, i.e. every time you try to log onto a server. Leaving the passphrase blank avoids that, but it makes your key less secure.

I recommend that you put in a passphrase, because in part 2 I am going to show you how to overcome this passphrase problem.

To quote the man page on creating a good passphrase,

“Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per character, and provides very bad passphrases), and contain a mix of upper and lowercase letters, numbers, and non-alphanumeric characters.”

If you choose not to use a passphrase, you can leave this blank and hit enter.

It should now display the key fingerprint. It is very important that you memorize this key… Just kidding. A little geek humor there, very little.

This will create a couple of files in /Users/<yourusername>/.ssh/ on an OS X box, or most likely /home/<yourusername>/.ssh/ on a Linux/BSD box.

Transfer Your Key to the Server

Type

  cd ~/.ssh/


to change to the .ssh directory in your home directory.

Type

  ls 


to list the files. You should see a file named id_dsa.pub. This is the public key that will allow you to log onto the server without having to enter your password each time.

Now you need to copy this file to the server. You will do this with scp (secure copy).

Type in

  
  scp id_dsa.pub <username>@<server>:~/.ssh


This performs a secure copy to the .ssh directory in your home directory on the server (the “~” part is shorthand for the path to your home directory). This assumes that the .ssh directory already exists. If it doesn’t, log onto the server and type mkdir ~/.ssh

Set Up Your Authorized Keys File

Now log into the server again by entering

  ssh <username>@<server>


Enter your password for the last time (hopefully).

Type

  cd ~/.ssh/ 


Type

  ls 


You should see the id_dsa.pub file that we copied over in this directory.

Now type

  cat id_dsa.pub >> authorized_keys2 


This will put your public key in the list of allowed keys. (Using “>” instead of “>>” would overwrite the destination file, instead of appending to it.)

Type

  
  control-d 


to return to your local machine.

Verify Everything is Working

Now try to ssh in again by typing

  ssh <username>@<server>


This time you should not be prompted for a password and you should be logged into the server.

You can type in

  
  control-d 


or

  
  exit 


again to log off.
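The server-side steps from “Set Up Your Authorized Keys File”, as an added example that is not part of the original post: it refuses a private key copied over by mistake, appends the public key only once, and sets the directory and file modes that sshd's StrictModes check expects. The function name install_pubkey and its arguments are hypothetical; it defaults to the authorized_keys2 file used above, and also accepts RSA, ECDSA and Ed25519 public keys because OpenSSH releases from 7.0 on disable DSA by default.

```shell
#!/bin/sh
# Added example, run on the server. install_pubkey is a hypothetical helper name.
# usage: install_pubkey PUBFILE [SSH_DIR] [AUTH_FILE_NAME]
install_pubkey() {
    pubfile=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth=$ssh_dir/${3:-authorized_keys2}   # file name used in the post

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A public key file is one line: "<type> <base64> [comment]".
    # A private key (id_dsa without .pub) is a multi-line PEM block; refuse it.
    if [ "$(wc -l < "$pubfile")" -gt 1 ]; then
        echo "$pubfile is not a single-line public key" >&2; return 1
    fi
    read -r ktype kdata kcomment < "$pubfile" || true   # tolerate a missing final newline
    case $ktype in
        ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unrecognised key type: $ktype" >&2; return 1 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac

    # With StrictModes (on by default) sshd ignores the key list when ~/.ssh
    # or the file itself is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1

    # Append only if this key is not already listed, so re-running is safe.
    if [ -f "$auth" ] && grep -qF -- "$ktype $kdata" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$ktype $kdata${kcomment:+ $kcomment}" >> "$auth" || return 1
        echo "key added to $auth"
    fi
    chmod 600 "$auth"
}
```

On the server, after the scp step, this would be called as install_pubkey ~/.ssh/id_dsa.pub in place of the cat command.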
