Sunday 23 August 2009

Howto: SSH Public Key Authorisation Login (AKA Passwordless)

To be clear, this is how to login using SSH to another machine without having to enter your password. It is not an all encompassing solution but a "good enough" set up. I have to administer a couple of machines and a shell which I have use of, my own machine is kept up to date and I feel is secure enough with only myself as sole user.

Firstly we should make a key pair if you haven't already done so, these are deposited into into ~/.ssh

ssh-keygen -t rsa

Next we need to get the contents of ~/.ssh/id_rsa.pub onto our remote machine and into ~/.ssh/authorized_keys this can be done a couple ways, I found it as easy to just ssh into the remote machine and paste the contents directly into the file just note that if you paste it in you may have to correct the formatting so it is all on one line, I noticed a couple of line breaks sneak in. You could use something like the following however:

scp -P 20060 ~/.ssh/id_rsa.pub remoteaccount@remotesserver.com

Then you can just append it automatically with the following (we will touch the file in case it doesn't already exist on your machine:

touch ~/.ssh/authorized_keys
cat id_rsa.pub >> ~/.ssh/authorized_keys


We should at this point make the .ssh folder only readable by the owner:

chmod 700 ~/.ssh

You can optionally delete the id_rsa.pub key file if it was in your home folder, its the public key part so its not really necessary in my opinion but it is nice to tidy up after yourself ;)

rm id_rsa.pub

If you try and login now to the remote machine with SSH you should with any luck find you do not have to enter your password at all and can just get right on with your work.

No comments: