Sunday 22 May 2011

Passwordless SSH

Setting up the keys on the local machine
Create keys of all sorts, so it will always work (some old computers only serve ssh1):
ssh-keygen -t rsa
ssh-keygen -t rsa1
Accept the default filename when asked (press Enter). Don't enter a password. You only need to run this once. It will then work for all your connections!

If the first line (rsa) doesn't work, you can try this instead (but only use it if rsa doesn't work; RSA, by default, is twice as strong as DSA):
ssh-keygen -t dsa
Agree to the default names but give them passwords when you do this. I'd give each key the same password for ease of use.

Set up the remote host to accept connections without passwords from the local machine
Before doing this, please make sure you have made at least one SSH connection, so that the .ssh directory and file structure exist.
scp ~/.ssh/id_rsa.pub remote_account@remote.host:~/.ssh/id_rsa_temp.pub
ssh remote_account@remote.host 'cat ~/.ssh/id_rsa_temp.pub >> ~/.ssh/authorized_keys2'
ssh remote_account@remote.host 'rm ~/.ssh/id_rsa_temp.pub'
Then authorise your keys for all systems that share your home directory (on the remote host):
cd ~/.ssh
cat *.pub >> authorized_keys
Now, it should work! Try to SSH to the remote machine and check if it asks you for a password...

Problems

Permissions
If any of the files (or directories leading up to the files) have permissions set too loose, the connection will fail. Permission errors may be logged on the server side by the sshd(8) daemon.

Authentication refused: bad ownership or modes for directory ...

In most cases, potential permission problems can be solved by restricting access to the SSH configuration files. Permission changes to the home directory might also be needed, though restricted rights may break other things, such as a webserver's access to ~/public_html.
server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys
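
To find out which path is the one sshd objects to before changing anything, the check below inspects the same files and reports any that are group- or world-writable or owned by another user. It is an added example, not part of the original post; the function names, the optional base-directory argument and the script name are assumptions, and it assumes the strict mode check refuses exactly those two conditions.

```shell
#!/bin/sh
# Added example: flag the paths sshd's strict mode check would refuse.
# Assumption: a path is refused when it is group- or world-writable, or
# when it is owned by anyone other than the login user or root.

# check_path FILE: print a verdict line, return 1 if FILE is too loose.
check_path() {
    f=$1
    [ -e "$f" ] || return 0                 # absent files cannot be loose
    info=$(ls -ldnL "$f") || return 0       # e.g. "drwx------ 2 1000 1000 ..."
    mode=${info%% *}
    owner=$(echo "$info" | awk '{print $3}')
    gw=$(printf '%s' "$mode" | cut -c6)     # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)     # other write bit
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "LOOSE $mode $f"
        return 1
    fi
    if [ "$owner" != "$(id -u)" ] && [ "$owner" != 0 ]; then
        echo "OWNER uid=$owner $f"
        return 1
    fi
    echo "OK    $mode $f"
}

# check_ssh_perms [HOME_DIR]: check the home directory, ~/.ssh and both
# authorized keys files used on this page; returns the number of bad paths.
check_ssh_perms() {
    home=${1:-$HOME}
    bad=0
    for p in "$home" "$home/.ssh" \
             "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        check_path "$p" || bad=$((bad + 1))
    done
    return "$bad"
}

# Run against a directory only when one is given on the command line,
# e.g.  sh check_ssh_perms.sh "$HOME"   (the script name is hypothetical).
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it on the server as the account you log in to; every line marked LOOSE or OWNER is a candidate for the chmod commands above.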
You can also use this script to automate the key transfer:

On the Source
Create the file configure_ssh_without_password.sh with the following contents:
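#!/bin/bash
# Copy the local public key into a remote account's authorized keys files.
if [ $# -ne 2 ]; then
    echo "Syntax: $0 remote_account destination_ip"
    exit 1
fi
# Make sure the remote ~/.ssh directory exists
ssh "$1@$2" 'mkdir -p ~/.ssh'
# Upload the public key under a temporary name
scp ~/.ssh/id_rsa.pub "$1@$2:~/.ssh/id_rsa_temp.pub"
# Append it to both authorized keys files
ssh "$1@$2" 'cat ~/.ssh/id_rsa_temp.pub >> ~/.ssh/authorized_keys2'
ssh "$1@$2" 'cat ~/.ssh/*.pub >> ~/.ssh/authorized_keys'
# Remove the temporary copy
ssh "$1@$2" 'rm ~/.ssh/id_rsa_temp.pub'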
Now run
chmod +x configure_ssh_without_password.sh
./configure_ssh_without_password.sh REMOTE_ACCOUNT DESTINATION_IP
