Saturday, November 26, 2011

SSH Login Without Password


For this you need to generate your own personal private/public key pair. ssh-keygen is used to generate that key pair for you.
In the user’s home directory, on the localhost, type

[local-host]$ ssh-keygen -t dsa

This will ask you for a passphrase. A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Once you have entered the passphrase, you will be prompted to enter the same passphrase again for confirmation.
The private key is saved in .ssh/id_dsa and the public key in .ssh/id_dsa.pub.
Now, copy the public key to the remote machine

[local-host]$ ssh-copy-id -i ~/.ssh/id_dsa.pub user@remotehost

or, if you don’t have the ssh-copy-id script installed, use
 
[local-host]$ cat ~/.ssh/id_dsa.pub | ssh user@remotehost "cat - >> ~/.ssh/authorized_keys"

Now on the localhost machine, in GNOME, select System > Preferences > Sessions.
Select Startup Programs and add a new entry with this command:

eval `ssh-agent`

ssh-agent is a program that, used together with OpenSSH or similar ssh programs, provides a secure way of storing the passphrase of the private key.
Open a terminal and run ssh-add without any arguments; it will ask for your passphrase once.
ssh-add adds identities to the authentication agent, ssh-agent.

[local-host]$ ssh-add

Enter passphrase for /home/vinod/.ssh/id_dsa:
Identity added: /home/you/.ssh/id_dsa (/home/you/.ssh/id_dsa)
That’s it. Now log in to the remote server; it will not ask for any password or passphrase.
NB: No one else must see the content of .ssh/id_dsa, as it is used to decrypt all correspondence encrypted with the public key.
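
The following audit script is an added example, not part of the original post. It checks the files this procedure touches for the conditions that most often break or weaken key-based login: a private key readable by other users, a group- or world-writable .ssh directory or authorized_keys file (which sshd rejects when StrictModes is on), and DSA (ssh-dss) keys, which OpenSSH has disabled by default since version 7.0. The function names audit_ssh_dir and perm_bits are hypothetical helpers.

```shell
#!/bin/sh
# Added example: audit an .ssh directory on the local or the remote host.
# Usage: audit_ssh_dir "$HOME/.ssh"

# Print the nine permission characters (rwxrwxrwx) of a path.
perm_bits() { ls -ld -- "$1" | cut -c2-10; }

# audit_ssh_dir DIR: print one line per finding, return the number of findings.
audit_ssh_dir() {
    dir=$1
    issues=0

    # sshd (StrictModes) ignores authorized_keys if it, or the directory
    # holding it, is writable by group or others.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        case $(perm_bits "$f") in
            ????w????|???????w?)
                echo "WRITABLE BY OTHERS: $f (fix: chmod go-w)"
                issues=$((issues + 1)) ;;
        esac
    done

    # The ssh client refuses a private key that group or others can access.
    for k in "$dir"/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        case $(perm_bits "$k") in
            ???------) ;;
            *)  echo "PRIVATE KEY EXPOSED: $k (fix: chmod 600)"
                issues=$((issues + 1)) ;;
        esac
    done

    # DSA keys are disabled by default since OpenSSH 7.0.
    for f in "$dir/authorized_keys" "$dir"/id_*.pub; do
        [ -f "$f" ] || continue
        n=$(grep -c 'ssh-dss ' "$f" || true)
        if [ "$n" -gt 0 ]; then
            echo "DSA KEY: $n ssh-dss entr(ies) in $f (replace, e.g. ssh-keygen -t ed25519)"
            issues=$((issues + 1))
        fi
    done

    return "$issues"
}
```

Run it on both machines; a return status of 0 means no findings.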