Automated SSH login
- Purpose: enable secure access to remote host without interactively prompting for a password/passphrase, so can use SSH in automatic scripts but without storing the password in them.
- Server authentication
- .rhosts ?
- ~/.ssh/known_hosts
- Client authorization
- Generate a key pair for the user:
$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/toolate/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/toolate/.ssh/id_rsa. Your public key has been saved in /home/toolate/.ssh/id_rsa.pub. The key fingerprint is: d7:71:42:51:73:94:75:a7:08:79:af:6d:fb:19:5c:19 toolate@yoga - Add the public key to the list of authorized users of account on server (~/.ssh/authorized_keys):
$ ssh-copy-id -i ~/.ssh/id_rsa.pub jade@forest jade@forest's password: Now try logging into the machine, with "ssh 'jade@forest'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. This added a single (long) line to jade's ~/.ssh/authorized_keys:
ssh-rsa AAAAB3NbtC1xc2EAAAABIwAAAQEA+JEc...9HFsoGtEFBk/p19O74CRt+w== toolate@yoga - Verification: now can login or run commands without being asked for jade's password:
$ ssh friend@feast uptime 15:05:32 up 12 days, 2:44, 1 user, load average: 0.00, 0.00, 0.00
- Generate a key pair for the user:
Notes
- More…
- Permissions?
- sshd configuration options?
- Use a passphrase and ssh_agent? To improve security?
- OpenSSH version used here:
$ ssh -V OpenSSH_4.3p2 Debian-8ubuntu1.4, OpenSSL 0.9.8c 05 Sep 2006 Code:
apt-get source openssh - Use RSA, not DSA, keys, because longer (by default). Cf, eg, discussion in linuxforums.org.
- References:
(Appending notes disabled temporarily.)
Last modified 2009-08-17 13:55:36 +0000