Wednesday 23 May 2012

Set up password-less SSH login using ssh-keygen and ssh-copy-id

Logging in remote systems without password is very useful in system administration. It can be used for executing command on remote systems, copying files to other systems using rsync/rdist.

For the past few years, I have been manually setting up the key trust between systems. Here are the steps I followed.

Suppose I need to login to localserver from remoteserver using account scripter without password.

1. generate public-private key pair on localserver
$ ssh-keygen -t dsa
    you can use either dsa or rsa.

2. copy scripter's public key to remoteserver
$ scp id_dsa.pub remoteserver:
3. on remoteserver, append the public key copied in step 2 to ~scripter/.ssh/authorized_keys
$ cat id_dsa.pub >> ~scripter/.ssh/authorized_keys
    if ~scripter/.ssh doesn't exist, manually create it

4. on localserver the directory and files are auto-generated, so the permissions are correct, on remoteserver, as we manually created the directories, we need to make the permissions are correct.
$ chmod 700 ~scripter/.ssh
$ chmod 600 ~scripter/.ssh/authorized_keys

After all these steps, we can login from localserver to remoteserver without entering password:
$ ssh remoteserver hostname
remoteserver

The steps are quite easy, but can it be easier?
Yes! recently I learned the script ssh-copy-id from a forum post, to set up key trust from localserver to remoteserver using ssh-keygen and ssh-copy-id
1. generate public-private key pair on localserver
$ ssh-keygen -t dsa
2. copy the public key from localserver to remoteserver, and set up the key trust
$ ssh-copy-id -i ~scripter/.ssh/id_dsa.pub \
scripter@remoteserver
After you entering the password, everything is set up for you, you can log in remotely without password
$ ssh remoteserver hostname
remoteserver
ssh-copy-id saves us all the troubles of creating files and setting up the proper permission :)

No comments:

Post a Comment