Password-less SSH Login

If you have a Linux or OS X server box, a password-less SSH login is a very efficient way of handling communications between your local machine and your remote host. In this post I’ll show you how to make it happen.

The first step is creating an SSH key pair on your local host. This is simple enough; just use the command below.

ssh-keygen -t rsa

You will be prompted for a passphrase. Leave it empty if you want a passwordless login; otherwise you will always be prompted for it to unlock your key. The default settings will generate a 2048 bit RSA key pair and will store it in the location below.

~/.ssh

You should see two files in your .ssh directory, “id_rsa” and “id_rsa.pub”. Of these files, id_rsa is your private key and id_rsa.pub is your public key.

You can customize your keys if you wish. The command below will create a 4096 bit RSA key and will name the files “key_name”. The key will not require a passphrase, since -P "" sets an empty one.

ssh-keygen -t rsa -b 4096 -f key_name -P ""

On the remote server, make sure you have a file named “authorized_keys” in your .ssh directory. If you don’t have a .ssh directory and/or an authorized_keys file, use the commands below to create them.

For the directory use this command.

mkdir ~/.ssh ; cd ~/.ssh

For the authorized_keys file use this command.

touch ~/.ssh/authorized_keys

Make sure you have write privileges to authorized_keys. If you don’t, use the command below to change the permissions. It is very important to have write permissions because the next step will fail if you don’t.

chmod u+w ~/.ssh/authorized_keys

Now, the tricky part is to transfer your public key to the remote server. The most reliable way is to use the command below on the client host. If you get a read-only error, the current user does not have write permissions to the file; go back to the previous step and change the permissions.

cat ~/.ssh/id_rsa.pub | ssh user@remotehost 'cat >> ~/.ssh/authorized_keys'

You are almost done. On the remote host, navigate to ~/.ssh and change the permissions for the directory and authorized_keys like so:

chmod 700 ~/.ssh
chmod 640 ~/.ssh/authorized_keys

You should now be able to log in to your server without entering a passcode!
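
The server-side steps above (create ~/.ssh, append the public key, fix the permissions) as a single shell function that is safe to run more than once. This is an added example, not code from the original post: the name install_pubkey and its return codes are assumptions, and it sets authorized_keys to 600, which is stricter than the 640 used above.

```shell
#!/bin/sh
# Added example: install_pubkey is a hypothetical helper, not from the post.
# Usage:   install_pubkey PUBKEY_FILE [SSH_DIR]
# Returns: 0 key added, 3 key already present, 2 not a public key, 1 I/O error.
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Read only the first line. A private key file starts with
    # "-----BEGIN ..." and is rejected by the pattern check below.
    IFS= read -r key < "$pub" || [ -n "$key" ] || return 1
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 2 ;;
    esac

    # Create with a restrictive umask so nothing is ever briefly group- or
    # world-accessible, then set the modes explicitly for existing files.
    (
        umask 077
        mkdir -p "$dir" && touch "$auth"
    ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Whole-line, fixed-string match: do not append a key that is already there.
    if grep -qxF -- "$key" "$auth"; then
        return 3
    fi

    # If the file does not end in a newline, add one so the new key does not
    # get glued onto the previous entry (a risk with a plain "cat >>").
    [ -z "$(tail -c1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$key" >> "$auth"
}
```

Run it on the remote host after copying the .pub file there, for example `install_pubkey ./id_rsa.pub`.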
