8cbvcg
Last Updated: February 25, 2016
·
2.599K
· sebas5384
Cebad8f65f75b33337d65b0099eb6109

SSH without password using keys

I believe that are the simple things in life the ones that change you, and this one, is definitely is one of those.

You depend on that bloody document with all the nice and well randomically generated passwords?

Don't you hate that? well my friend, probably you already know about ssh keys to clone some repositories and that kind of stuff, but if you are still using passwords to manage your servers, here's a nice tip about what you can do to make your life better.

me@local:~ $ ssh my-server
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.8.0-29-generic x86_64)
.....
remote-me@remote-server:~ $ echo "logged into my remote server"

how? well...

Let's say someone (or your self) creates a user in a remote linux (or unix based) server, and you receive these ssh credentials:

host: my-server.com
port: 2222
user: homer
password: simpson

1. Create your private key, and follow the steps.

For a simple key just press enter to all. (check if you already have one in ~/.ssh/id_rsa).

me@local:~ $ ssh-keygen -t rsa

2. Configure the server into the ssh config file.

Create or add the follow lines in the file "~/.ssh/config":

Host my-server
  HostName my-server.com
  User homer
  Port 222

So now you can ssh to the server without specifying anything but the name and password:

me@local:~ $ ssh my-server

3. Copy your public key to the remote server "my-server".

You will only need the password for this, and then you are done!

me@local:~ $ ssh-copy-id my-server

4. Login into the remote server without any password:

me@local:~ $ ssh my-server
homer@my-server:~ $ echo "logged into my remote server without password"

So that's it !!, but it's more:

You can always generate a new private ssh key in the remote server and make the user password less, so then you can forget about passwords.
Edit the file "/etc/sudoers" or create a new file "homer" if exist "/etc/sudoers.d/", lookup for your user, for example if your user is "homer":

homer ALL=(ALL) NOPASSWD: ALL
  • If you create a new file "/etc/sudoers.d/homer" you should set permissions to 0400.

Crazy op about security: If you leave your computer open and without a password, then probably you don't deserve this kind of tool. Also you can always create another user to manage your work keys.

There's always a good reason to have passwords, but, think if that is really your need.

Say Thanks
Respond

8 Responses
Add your response

15585
9582a1e999527bea2c2fa342dceb03d0

You can also generate different keys for different servers, instead of using id_rsa. In .ssh/config where your host is configured you can add an entry like this:

IdentityFile ~/.ssh/some_other
over 1 year ago ·
15586
E30bf066ebc2b2fa24ec5be2474b1ecf

On every login I still have to type in the paaphrase from my local ~/.ssh/id_rsa file, is this correct?

$ ssh myserver
Enter passphrase for key '/home/myusername/.ssh/id_rsa':
over 1 year ago ·
15594
Cebad8f65f75b33337d65b0099eb6109

Yeah hoffoo! exactly, actually its the best practice :)

over 1 year ago ·
15595
Cebad8f65f75b33337d65b0099eb6109

Heart1010 yes!

over 1 year ago ·
15621
D42a7264714dee5006b9c99d2567a320

I loved the idea of a passwordless sudo in the beginning but it's generally advised against, see this thread:
http://serverfault.com/questions/580881/is-it-ok-to-set-up-passwordless-sudo-on-a-cloud-server

over 1 year ago ·
15637
40de750233b3ce8268f235ba0b6a489b

Also, you should really be using ECDSA instead of RSA ... just saying

over 1 year ago ·
15647
Cebad8f65f75b33337d65b0099eb6109

@teresko why ECDSA is better than RSA ?

Take a look at this: http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys/46781#46781

Maybe we could improve the security by adding more bits to the key, like:
ssh-keygen -t rsa -b 2048

over 1 year ago ·
15757
Cebad8f65f75b33337d65b0099eb6109

were some comments here, but they all disappear, I think coderwall is buggy :(

over 1 year ago ·