What It Is
Passwordless SSH uses asymmetric encryption: you create a private key and a public key, which together allow authentication without a password. "Asymmetric encryption" means that the key used to encrypt the data cannot be used to decrypt it. The public key is used to encrypt the data and the private key is used to decrypt it.
The best analogy for this system is a box with a padlock. You can give the box to a friend and they can put something in it, but once the padlock is shut you are the only person who is able to open it, since only you know the combination (aka the private key). With SSH we can use this system to authenticate users. Essentially, the client (local machine) has a private key, and the server (remote machine) has the public key. When the client asks to connect to the server, the server uses the public key to encrypt a number/pass-phrase and then sends it to the client. If the client is who he claims to be and has the private key, then the client will be able to decrypt the pass-phrase and correctly answer the server, thereby validating his identity.
How To Set It Up
In this "how to" we will use the word "client" to mean the local machine, and "server" to mean the remote machine you are connecting to.
Step 1: Create Public and Private Keys
From the client, open a terminal and run the following command, accepting the defaults by repeatedly pressing Enter.
ssh-keygen -t rsa
Step 2: Upload Public Key To The Server
Run the following command to transfer the public key into the home directory of your user on the server. Change "user" and "serverIP" to the appropriate values.
scp ~/.ssh/id_rsa.pub user@serverIP:
Step 3: Create .ssh Directory On The Server
SSH into the server as you normally would (using a password). Then, in the home directory of the user you just logged in as, create a .ssh folder if it does not already exist.
mkdir -p ~/.ssh
Step 4: Make the Public Key An Authorized Key
From the server (in your user's home directory), type the following command, which will add the public key we just transferred as an authorized SSH key.
cat id_rsa.pub >> .ssh/authorized_keys
Now we can delete the public key from the home folder...
rm id_rsa.pub
Step 5: Set Permissions On Server
On the server (in your user's home directory), run the following commands to set the appropriate permissions on the .ssh folder and authorized_keys file. Note: This step may not be necessary depending on your system configuration, but it is better to play it safe.
chmod 700 .ssh
chmod 640 .ssh/authorized_keys
You're Finished!
That's it! From now on you should be able to SSH on to the server from your client without being prompted for a password.
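Steps 3 to 5 as one re-runnable shell function, added here as an example (it is not part of the original post; the function name install_pubkey and its arguments are hypothetical). It also refuses a file that is not a single-line public key and does not append a key that is already authorized.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [TARGET_HOME]
# Hypothetical helper: run on the server after step 2 has uploaded the key.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }

    # Never let a private key uploaded by mistake reach authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi

    # A .pub file written by ssh-keygen is exactly one line: type, base64 blob, comment.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected exactly one line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # Step 3 and first half of step 5: create .ssh if missing, owner-only access.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1

    # Step 4: append only if this exact line is not already present.
    touch "$auth" || return 1
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth" || return 1
    fi

    # Second half of step 5: the mode used in the post (600 also works
    # and additionally drops group read access).
    chmod 640 "$auth" || return 1

    # The uploaded copy in the home directory is no longer needed.
    rm -f "$pub"
}
# Usage on the server: install_pubkey ~/id_rsa.pub
```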
--
Posted By Conrad Sykes to
The Computer Kid at 7/26/2013 08:42:00 AM