{"id":75,"date":"2009-01-14T09:21:39","date_gmt":"2009-01-14T16:21:39","guid":{"rendered":"http:\/\/www.1oc.com\/blog\/?p=75"},"modified":"2009-01-14T09:21:39","modified_gmt":"2009-01-14T16:21:39","slug":"ssh-without-password","status":"publish","type":"post","link":"http:\/\/blog.1oc.com\/?p=75","title":{"rendered":"SSH Without Password"},"content":{"rendered":"

\u00a0<\/p>\n

Sometimes we need a ssh connection that do not ask for passwords. It is use frequently in scripts that involve ssh, scp or sftp connections.\u00a0<\/p>\n

So, those are the steps to make such connection.<\/p>\n

1. Login as user1 on computer1 and generate a pair of authentication keys. Note: even if is unsecured to work without password, do not enter it. Let it empty…<\/p>\n\n\n\n
[user1@computer1]$ ssh-keygen -t rsa\u00a0
\nGenerating public\/private rsa key pair.\u00a0
\nEnter file in which to save the key (\/home\/user1\/.ssh\/id_rsa):\u00a0
\nCreated directory ‘\/home\/user1\/.ssh’.\u00a0
\nEnter passphrase (empty for no passphrase):\u00a0
\nEnter same passphrase again:\u00a0
\nYour identification has been saved in \/home\/user1\/.ssh\/id_rsa.\u00a0
\nYour public key has been saved in \/home\/user1\/.ssh\/id_rsa.pub.\u00a0
\nThe key fingerprint is:\u00a0
\n31:df:a5:73:4a:2f:a6:6c:1c:32:a2:f2:b3:c5:a7:1f user1@computer1<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

2. Login to the remote computer (computer2) as user2 and create the .ssh directory (many Linux distributions create this folder by default. No problem with that.). You still need the password for now…<\/p>\n\n\n\n
[user1@computer1]$ ssh -l user2 computer2 mkdir -p .ssh\u00a0
\nuser2@computer2’s password:<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

3. Copy the user1 public key to user2@computer2 .ssh folder into authorized_keys file. And, type the password again for the last time, hopefully…<\/p>\n\n\n\n
[user1@computer1]$ cat .ssh\/id_rsa.pub | ssh -l user2 computer2 \u00a0
\n>’cat >> .ssh\/authorized_keys’\u00a0
\nuser2@computer2’s password:<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

4. If all things are OK, you don’t need the password<\/p>\n\n\n\n
[user1@computer1]$ ssh -l user2 computer2\u00a0
\n[user2@computer2]$<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

..or optionaly (see the troubleshooting section of this page):\u00a0<\/p>\n\n\n\n
[user1@computer1]$ ssh -i $HOME\/.ssh\/id_rsa user2@computer2<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0<\/p>\n

NOTE:<\/strong>
\nThis is the way not only for ssh but also for scp and sftp as well…<\/p>\n

TROUBLESHOOTING:<\/strong>
\nIf the password prompt will be shown again check the \/etc\/ssh\/ssh_config and uncomment or insert the following option:<\/p>\n\n\n\n
IdentityFile ~\/.ssh\/id_rsa<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

As you can see, the above option is for RSA type keys. If you want to generate the key pairs using DSA change the “id_rsa” with “id_dsa”. Sound logic, right?\u00a0
\nThis modification in \/etc\/ssh\/ssh_config file can be avoided if you will use the parameter “-i” followed by the location of the key file as in example:\u00a0<\/p>\n\n\n\n
[user1@computer1]$ ssh -i $HOME\/.ssh\/id_rsa user2@computer2<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0
\nAlso, if you do have write permissions for either the .ssh directory or for the authorized_keys file on the remote machine, then sshd will consider that the procedure is not safe enough, so it will abort the RSA challenge-authentication mode (mode 3) and will go to the default mode (mode 5) asking you for the password on the remote machine. Set chmod 700 for .ssh folder and 600 authorized_keys file.<\/p>\n","protected":false},"excerpt":{"rendered":"

\u00a0 Sometimes we need a ssh connection that do not ask for passwords. It is use frequently in scripts that involve ssh, scp or sftp connections.\u00a0 So, those are the steps to make such connection. 1. Login as user1 on … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,8,9],"tags":[],"class_list":["post-75","post","type-post","status-publish","format-standard","hentry","category-mac-server","category-servers","category-unix"],"_links":{"self":[{"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/posts\/75","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=75"}],"version-history":[{"count":0,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=\/wp\/v2\/posts\/75\/revisions"}],"wp:attachment":[{"href":"http:\/\/blog.1oc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=75"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=75"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.1oc.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=75"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}