Skip to main content

Passwordless SSH logins


There are a few cases where having passwordless access to a machine is quite convenient or necessary. I'm looking up for commands that I can just copy and paste to do it right quick. Below are the steps:-

1. Generate key pair:-

       One of the login modes of SSH is to use a SSH key based authentication. A key pair is made up of both a private and a public key. The private key is kept on your local machine very securely while your public key is what you distribute to all the machines you want to log in to. There are a few flavors of keys you can generate, rsa1 (for SSH1), dsa (SSH2), or rsa (SSH2). Most linux admins like DSA. You can (and should) associate a password with your key pair, so that only you can use it even if someone else manages to gain access to your account. Password for key is not recommened when you want to use it for daily tasks or tasks that are done through cron jobs. If you have more than one key pair, using the same password for all key pairs will make them all active at the same time. You can also vary the number of bits used for the key. The more bits you use the harder it will be to crack, but I believe at a nominal performance drop. I was recommended to use 2048 bits. Very well, 2048 bit DSA key it is

 ssh-keygen -t dsa -b 2048
# Type in strong password or no password when you don't want any password prompt.

 If for some reason you need an rsa key, you can just replace the type with the appropiate argument, -t rsa or -t rsa1.

 NOTE: You need to make sure the permissions of the files in this directory are set to allow read/write for the user only (-rw------- or chmod 600 *). The most important files to do this for are the authorized_keys and private keys files. Sometimes logging in will silently fail if you don't have the permissions set correctly.
2. Copy public key to remote machine:-

     Once you made your key pair, you should copy your public key to the remote machine and add it to the remote user's .ssh/authorized_keys file. There are several ways to do this. The easiest one is using the ssh-copy-id command:-

     ssh-copy-id -i ~/.ssh/id_rsa.pub remote-user@remote-host

 You can also use below command:-

 cat ~/.ssh/id_dsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'

 or you can manually transfer the pub file to remote machine & put it inside the authorized_keys of remote user.
3.  Login to remote server:-

     As the public key is copied now. We can just login & check if its working:-

     ssh remote-user@remote-host

    It should take you to remote host without asking for password ( if you've not provided any password with key )
It is recommended that once you have the ability to log in remotely as root with keys, you should disable password-based logins via ssh by making sure the following line is in /etc/ssh/sshd_config:-

 PermitRootLogin   without-password
Labels:

Comments

Post a Comment

Popular posts from this blog

Virtual Box and Alt/Tab Keys

I use virtual box for all my testing activities. It comes too often that I have a virtual box VM window open & I want to switch to my host machine to see some stuff like tutorials etc.. If you press the alt+tab combination it just works inside the VM & doesn't switches to host machine. In these scenarios you can press the host key once ( not hold it ) & then whatever you press goes to host machine. So in general where host key is the default Right Ctrl, just press Right Ctrl once & now press the alt+tab & it will switch you out to host machine. This is really helpful when you have the VM windows open or you're working on seamless mode. Hope it help others too.
4 comments
Read more

CentOS / Redhat : Configure CentOS as a Software Router with two interfaces

Linux can be easily configured to share an internet connection using iptables. All you need to have is, two network interface cards as follows: a) Your internal (LAN) network connected via eth0 with static ip address 192.168.0.1 b) Your external WAN) network is connected via eth1 with static ip address 10.10.10.1  ( public IP provided by ISP ) Please note that interface eth1 may have public IP address or IP assigned by ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / Cable router: Step # 1: Enable Packet Forwarding Login as the root user. Open /etc/sysctl.conf file # vi /etc/sysctl.conf Add the following line to enable packet forwarding for IPv4: net.ipv4.conf.default.forwarding=1 Save and close the file. Restart networking: # service network restart Step # 2: Enable IP masquerading In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transce...
4 comments
Read more

AMD Radeon™ HD 7670M on Ubuntu 12.04

Update:   Recently I install kubuntu 13.10 and there is no problem with graphics. It just works  fine out of the box. I've seen many blog posts on how to make AMD HD7670M work on Ubuntu 12.04, specially when its in switchable graphics board like Dell Inspiron 15R 5520. I tried many things to make it work so that I could use the cinnamon desktop on ubuntu & other things too.. But to my surprise even the drivers from AMD site didn't work. Then I tried a combination of those blog posts I read & somehow I became successful in running the full graphics including compiz settings inside My Ubuntu Machine. Following are the steps I followed & it worked... 1. Create a backup of your xorg configuration file: sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.BAK 2. Remove/purge current fglrx and fglrx-amdcccle : sudo apt-get remove --purge fglrx* 3. Install the driver: sudo apt-get install fglrx fglrx-amdcccle 4. Install additiona...
21 comments
Read more