SSH Sessions with no password

This was adapted from here.

The basic idea is that in the cryptosystem that ssh uses (RSA and/or DSA), encryption and decryption are done using different keys. The user (client) generates a public/private key pair. The server knows the public key, but only the client knows the private key. When the client connects to the server, it presents its own public key. If this key is allowed (that is, if it is in the list of known public keys on the server), the server sends the client a random number encrypted with that public key. The encrypted number can only be decrypted with the matching decryption key, which is the client's private key. The client then uses its own private key to decrypt the number. If this is done correctly, the server grants access with no more questions. As you can see, the system is safe because the client never tells anybody its private key, and this key cannot be inferred from the public one.
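The exchange described above, sketched as an added example (not code from the original post and not the SSH wire protocol). The names Server, Client, login and make_keypair are hypothetical, the keys are constructed toy values using textbook RSA without padding, and having the client reply with a SHA-256 hash of the decrypted number is an assumption made for the sketch.

```python
import hashlib
import secrets

# Constructed toy keys: textbook RSA over two Mersenne primes, no padding.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def digest(number):
    return hashlib.sha256(str(number).encode()).hexdigest()

class Server:
    def __init__(self, authorized_keys):
        self.authorized_keys = set(authorized_keys)  # known public keys
        self.pending = {}                            # public key -> expected reply

    def challenge(self, public_key):
        """Return an encrypted random number, or None for an unknown key."""
        if public_key not in self.authorized_keys:
            return None
        n, e = public_key
        r = secrets.randbelow(n - 2) + 2             # random number in [2, n-1]
        self.pending[public_key] = digest(r)
        return pow(r, e, n)                          # only the private key undoes this

    def verify(self, public_key, response):
        """Grant access only if the client recovered the random number."""
        expected = self.pending.pop(public_key, None)  # one attempt per challenge
        return expected is not None and secrets.compare_digest(expected, response)

class Client:
    def __init__(self, public_key, private_key):
        self.public_key, self._private_key = public_key, private_key

    def respond(self, encrypted):
        n, d = self._private_key
        return digest(pow(encrypted, d, n))          # decrypt, then prove it via a hash

def login(server, client):
    encrypted = server.challenge(client.public_key)
    if encrypted is None:
        return False                                 # key not in the server's list
    return server.verify(client.public_key, client.respond(encrypted))

PUB, PRIV = make_keypair(2**61 - 1, 2**89 - 1)                # the authorized user
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)  # a different key pair
```

Presenting an authorized public key is not enough on its own: a client that claims PUB but holds a different private key decrypts the challenge to the wrong number and is refused.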

What must be done is to generate a public/private key pair, and copy the public part into the appropriate place on the server side.

Step by step instructions:

In the user’s home directory on the client machine, type

local> ssh-keygen -t dsa -f .ssh/id_dsa

-t sets the type of encryption
-f sets where to store the public/private key pair. In this case, the .ssh directory in the home directory is used

You will be asked for a password; leave it blank by just pressing <enter>.
Now go to the .ssh directory, and you will find two new files: id_dsa and id_dsa.pub. The latter is the public part. Now copy the public key to the server machine

local> cd .ssh
local> scp id_dsa.pub user@remote:~/.ssh/id_dsa.pub

Of course, this time you will need to enter the password.
Now log in to the server machine and go to the .ssh directory on the server side

local> ssh user@remote
remote> cd .ssh

Now add the client’s public key to the known public keys on the server

remote> cat id_dsa.pub >> authorized_keys2
remote> chmod 640 authorized_keys2
remote> rm id_dsa.pub

remote> exit

That’s all.
Next time you log into the remote server, no password will be asked!

Combined with the gnome sshmenu applet, this can be a real time saver.
