Feb 5
Some of us use ssh a lot over the course of a day. I know I do quite a bit for accessing my files from my office. In any event, you’ll probably want to set up public key authentication, which allows you to log in via ssh without a password.
Of course this adds a level of convenience for you, but it could be considered less secure. While it’s difficult to spoof an rsa/dsa encryption key (probably more difficult than a simple password), anyone who has access to your machine would be able to access the remote machines via this authenticated key.
There are a few quick steps for setting this up that I’ll outline below.
First you’ll need to generate your local key pair. The public key is the public end of a local public / private pair that you’ll share with the remote machine to identify you.
ssh-keygen -t dsa (on your local machine)
Second you’ll need to copy this key to the remote machine using a command such as:
scp ~/.ssh/id_dsa.pub user@yourserver.com:
Lastly, log into the remote machine via ssh (using your password for the last time!) and use this command to add the newly generated key to the list of authenticated keys:
cat id_dsa.pub >> .ssh/authorized_keys
You’ll also probably want to delete the copied key file from your home directory on the remote machine as well.
rm id_dsa.pub
At this point a copy of your key is stored on the remote machine as an authorized key, and any ssh connection coming from the local machine will match that key and connect with key authentication instead of a password. So nice.
…just remember that anyone with access to your machine will now have this access as well. Definitely keep this in mind if you’re using any kind of a public machine.
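The remote-side step above (append the key, then clean up) written as a repeatable check, as an added example that is not part of the original post. The function name `install_pubkey`, the scratch directory and the ed25519 sample key are assumptions made for illustration; the key string is constructed and is not a real key.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, run on the remote side)
# Replaces "cat id_dsa.pub >> .ssh/authorized_keys" with a checked, repeatable step.
install_pubkey() (
    pub=$1
    home=${2:-$HOME}
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    # Accept only a one-line public key, so a private key copied by mistake is refused.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; exit 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line in $pub" >&2; exit 1; }
    key=$(cat "$pub")
    # ssh-dss is accepted because the post uses DSA; OpenSSH 7.0+ disables it by default.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|ssh-dss\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; exit 1 ;;
    esac

    # sshd's StrictModes check ignores the keys if ~/.ssh or the file is group- or world-writable.
    umask 077
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    if grep -qxF -- "$key" "$auth"; then
        echo "key already authorized"
        exit 0
    fi
    # If the last existing entry lacks a newline, add one so the two keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth" && echo "key added"
)

# Demo in a scratch directory standing in for the remote home; the key is constructed.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLY joe@localhost' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo"    # first run appends the key
install_pubkey "$demo/id.pub" "$demo"    # second run leaves the file unchanged
rm -rf "$demo"
```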
Tags: ssh, authentication, ubuntu, dsa
Comments
11 Responses to “Unattended SSH login / public key authorization / ssh automatic login”
Actually, even with an SSH2 public key, they will still need your passphrase to log in.
If you want to make it more secure, you need to disable your SSH2 daemon to only accept public key authentication. By default it will use that first, and then fall back to password authentication if the first one fails.
Or set a passphrase on the SSH key, and then use ssh-add once per session to add it to ssh-agent, so that you don’t have to type it for every ssh invocation.
(If SSH pubkey authentication fails, check the file and directory permissions. Your home directory must not be group-writable!)
a) if someone has access to your machine, you lose, whatever.
b) ssh-copy-id
c) what Marius said about keys.
You should also have a look at “keychain”. It’s a wrapper for ssh-agent which allows you to supply a single passphrase then not have to enter another one until you’ve logged out and in again. The credentials are only cleared when you log in, so cron jobs can use ssh without supplying a password even when you’re logged out, but if someone logs in as you they’ll have to supply the passphrase before they (or cron) can use passwordless ssh again.
[...] If you’re new here, you may want to subscribe to my RSS feed. Thanks for visiting! This is going to be old hat for some, but I know there are those who can benefit from it, so I’ll post a brief tutorial here. This post is to extend upon the post published by Christer on Ubuntu Tutorials. [...]
This guide is by far the simplest and most clear I’ve seen on the internet! Thanks!
[...] have written a bit about some of the uses for ssh (here and here). I thought I would outline a few quick tips on securing an ssh host machine. One of [...]
Why would you delete a public key?
Hello - I use ssh-keygen and was given a series of options to choose from. I chose a few but none of them load. Any suggestions?
i.e.
ssh-keygen (options)
Thanks!
Nice guide.
However, I find some information is missing.
What happens if I’m
joe@localhost in the local machine, but I want to log-in as “johndoe@ssh.somehost.com” ?
All the examples I’ve seen assume that username is the same on both the local system and the remote ssh system.
Or isn’t that the case?
Best
FC
Just apply the authorized key to whatever user you want to log in as on the remote system, so for example, if I’m “Kirrus” on my machine, and I want to be “fred” on the remote machine, I’d do:
scp ~/.ssh/id_dsa.pub fred@myserver.com:/home/fred/