This tutorial will help you how to SSH to a remote machine without typing your password. You can use this technique if you find yourself logging in to the same machine frequently and find typing your password tedious. It is also useful in scenarios when you have a script which needs to pull some files from a remote machine or perform a task on a remote machine via SSH, and you want to run this script automatically without having a human to type a password.
These instructions work on Linux and Mac. You can achieve the same result on Windows using Putty.(Not tested)
Step 1: On local machine: Generate Authentication Keys
Authentication keys are a pair of private and public keys. The public key is like your login. Unlike a conventional login name, the public key is 2-3 lines long and looks like garbage or claptrap. Don’t worry, you never have to type it manually. Your private key is like your password, but much longer that a regular password. You can generate your public and private keys by typing the following command:
test@suse123> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/kapil/.ssh/id_rsa):
Accept the default choice.
Hit enter.
Hit enter twice.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
A passphrase encrypts your private key so that no one can see it. However, you should NOT encrypt your private key if you want a password-less login.
The key fingerprint is:
5e:26:54:34:a1:28:18:68:11:11:7d:8d:c6:d5:4b:bf kapil@infogain.com
What happened after running the command?
On your local server you just created 2 files in your ~/.ssh directory.
-rw------- 1 kapil test 1675 2011-08-17 17:27 id_rsa
-rw-r--r-- 1 kapil test 411 2011-08-17 17:27 id_rsa.pub
id_rsa contains your private key.
id_rsa.pub contains your public key.
Step 2 : On remote machine: authorize password less login
Login to remote machine
ssh hostname -l username
The authenticity of host 'infogain.com (XXX.XXX.XXX.XX)' can't
be established.RSA key fingerprint is
44.2b:93:ce:1b:1b:99:3a:6d:91:d1:50:aa:0d:87:40.
Are you sure you want to continue connecting (yes/no)? yes (yes and hit enter)
Warning: Permanently added 'infogain.com ,XXX.XXX.XXX.XX' (RSA) to the
list of known hosts.
username@infogain.com's password: Enter your password, and hit enter.
Create a .ssh directory on the remote machine and create a authorized_keys
file in that directory. You need to copy the entire contents of your
local machine’s ‘id_rsa.pub’ and paste it in the .authorized_keys file
on the remote server.
- mkdir -p .ssh
- chmod 700 .ssh
- cd .ssh
- touch authorized_keys (Not necessary for use to modify timestamp)
- chmod 600 authorized_keys
- vi authorized_keys
- # Do not forget to copy-paste the entire contents of your local machine's ~/.ssh/id_rsa.pub file in authorized_keys
- # logout
- exit
Note **: Make sure you have the right permissions for .ssh directory and authorized_keys file, as shown in chmod command above otherwise SSH will not honor your authorized_keys.
Now you should be able to login to the remote server without typing your password.Type the below command from your local machine.
ssh hostname -l username
SSH should log you in without password! Now, you can also scp without having to enter your password.
Thanks - Kapil Pant
