Password-less SSH

This article describes how you go about setting up SSH access without the need of manually entering your password (thus the title; Password-less SSH, or Passwordless SSH to some people). This may or may not be a good idea. It’s up to you to research the security implications of setting something like this up, however in some situations, it’s very handy. This should work on most Unix’s, if you’ve got anything to add, feel free to contact me.

In this scenario, you would like to connect via SSH from local to remote.

[local#] ssh-keygen -t dsa
[local#] scp ~/.ssh/id_dsa.pub username@remote:.ssh/id_dsa_local
[local#] ssh remote
[remote#] cd .ssh/
[remote#] cat id_dsa_local >> authorized_keys2
[remote#] exit
[local#] ssh-add ~/.ssh/id_dsa

Then…

[local#] ssh remote

If everything worked as expected, this should give you:

[remote#]

Since you’re going to the trouble of using secure protocols, you should always make sure you are using strong passphrases.

You must use SSH-Agent to maintain the SSH passwords for your current session, however there is a small utility called Keychain that can help you here. An excerpt from the Keychain web page follows, which explains it’s usefulness very clearly.

“The keychain script makes handling RSA and DSA keys both convenient and secure. It acts as a front-end to ssh-agent, allowing you to easily have one long-running ssh-agent process per system, rather than per login session. This dramatically reduces the number of times you need to enter your passphrase from once per new login session to once every time your local machine is rebooted.”

SHARE THIS POST

Share on facebook
Share on google
Share on twitter
Share on linkedin