May 5, 2010

SSH without password using a secure RSA key

SSH without a password is useful when implementing scheduled jobs for scripts and backups.

To run scp, ssh and rsync without being prompted for a password, first generate a key pair:

# ssh-keygen -t rsa


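This will prompt for a passphrase. Just press the Enter key to leave it empty, so that scheduled jobs can use the key unattended. It will then generate an identification (private key) and a public key. Do not ever share the private key with anyone! With no passphrase on it, anyone who obtains that file can use it to log in wherever the public key is authorized. ssh-keygen shows where it saved the public key. By default this is ~/.ssh/id_rsa.pub: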
Your public key has been saved in /.ssh/id_rsa.pub

Transfer the id_rsa.pub file to host_dest by either ftp, scp, rsync or any other method.

On host_dest, log in as the remote user that you plan to use when you run scp, ssh or rsync on host_src.

Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys.

# cat id_rsa.pub >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys


If this file does not exist, then the cat command above will create it. Make sure you remove permission for others to read this file. If it's a public key, why prevent others from reading this file? Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if it's really a trusted user.

Well, that's it. Now you can run scp, ssh and rsync on host_src connecting to host_dest and it won't prompt for the password. Note that this will still prompt for the password if you are running the commands on host_dest connecting to host_src. You can reverse the steps above (generate the public key on host_dest and copy it to host_src) and you have a two-way setup ready!
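The host_dest steps above as one re-runnable script, added here as an example and not part of the original post: it refuses a private key copied by mistake, sets owner-only permissions on ~/.ssh and authorized_keys, and appends the key only if it is not already there. The function name install_pubkey and the sample key are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): install a public key on
# host_dest safely. install_pubkey is a name chosen for this example.

# Usage: install_pubkey PUBFILE [SSH_DIR]; returns 1 on rejected input.
install_pubkey() {
    pubfile=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Refuse a private key copied by mistake; it must stay on host_src.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile looks like a private key, refusing" >&2
        return 1
    fi

    # A public key is one line starting with its type (list not exhaustive).
    key=$(head -n 1 "$pubfile")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubfile is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Owner-only permissions on the directory and the file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is absent, so re-running is harmless.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    return 0
}

# Demo in a scratch directory with a constructed, non-functional key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAconstructedSAMPLEkey backup@host_src\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" && ls -l "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

Called with only the key file as argument, it works on the logged-in user's own ~/.ssh.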
