SSH without password using keys
I believe it's the simple things in life that change you, and this is definitely one of those.
Do you depend on that bloody document with all the nice, randomly generated passwords?
Don't you hate that? Well, my friend, you probably already use SSH keys to clone repositories and that kind of stuff, but if you are still using passwords to manage your servers, here's a nice tip to make your life better.
me@local:~ $ ssh my-server
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.8.0-29-generic x86_64)
.....
remote-me@remote-server:~ $ echo "logged into my remote server"
How? Well...
Let's say someone (or you yourself) creates a user on a remote Linux (or Unix-based) server, and you receive these SSH credentials:
host: my-server.com
port: 2222
user: homer
password: simpson
1. Create your key pair (private and public key) and follow the prompts.
For a simple key just press Enter at every prompt. (First check whether you already have one in ~/.ssh/id_rsa.)
me@local:~ $ ssh-keygen -t rsa
2. Configure the server into the ssh config file.
Create the file "~/.ssh/config", or add the following lines to it:
Host my-server
HostName my-server.com
User homer
Port 2222
So now you can ssh to the server without specifying anything but the name and password:
me@local:~ $ ssh my-server
3. Copy your public key to the remote server "my-server".
You will only need the password for this, and then you are done!
me@local:~ $ ssh-copy-id my-server
4. Log in to the remote server without any password:
me@local:~ $ ssh my-server
homer@my-server:~ $ echo "logged into my remote server without password"
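What step 3 does on the server side, as an added example that is not part of the original post: ssh-copy-id appends your public key to ~/.ssh/authorized_keys, and the function below does the same by hand, with the restrictive permissions that sshd's StrictModes check expects. The name install_pubkey and the sample key line are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# install_pubkey PUBKEY_FILE TARGET_HOME
# Appends one public key to TARGET_HOME/.ssh/authorized_keys unless present.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A .pub file is exactly one line: "<type> <base64 blob> [comment]".
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] ||
        { echo "expected exactly one key line" >&2; return 1; }
    key_line=$(cat "$pubkey_file")
    case $key_line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key (private key passed?)" >&2; return 1 ;;
    esac

    # StrictModes (on by default) makes sshd ignore keys kept in files or
    # directories that other users can write to, so keep both owner-only.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Match on "type blob" only, so a different comment is not a new key.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if grep -qF -e "$key_id" "$auth_file"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added"
    fi
}

# Demo in a throwaway directory with a constructed (not usable) key line.
demo_home=$(mktemp -d)
printf '%s\n' \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForDemoOnly homer@local' \
    > "$demo_home/id.pub"
install_pubkey "$demo_home/id.pub" "$demo_home"   # key added
install_pubkey "$demo_home/id.pub" "$demo_home"   # key already authorized
rm -rf "$demo_home"
```

On a real server you would run it as the target user, for example install_pubkey id_rsa.pub "$HOME" after copying the .pub file over.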
So that's it! But there's more:
You can also generate a new private SSH key on the remote server and make the user passwordless, so you can forget about passwords altogether.
Edit the file "/etc/sudoers", or create a new file "homer" in "/etc/sudoers.d/" if that directory exists, and look up your user. For example, if your user is "homer":
homer ALL=(ALL) NOPASSWD: ALL
- If you create a new file "/etc/sudoers.d/homer" you should set permissions to 0400.
Crazy opinion about security: if you leave your computer open and without a password, then you probably don't deserve this kind of tool. Also, you can always create another user to manage your work keys.
There's always a good reason to have passwords, but think about whether that is really what you need.
Written by Sebastian
8 Responses
You can also generate different keys for different servers, instead of using id_rsa. In .ssh/config where your host is configured you can add an entry like this:
IdentityFile ~/.ssh/some_other
On every login I still have to type in the passphrase from my local ~/.ssh/id_rsa file, is this correct?
$ ssh myserver
Enter passphrase for key '/home/myusername/.ssh/id_rsa':
Yeah hoffoo! Exactly, actually it's the best practice :)
Heart1010 yes!
I loved the idea of a passwordless sudo in the beginning but it's generally advised against, see this thread:
http://serverfault.com/questions/580881/is-it-ok-to-set-up-passwordless-sudo-on-a-cloud-server
Also, you should really be using ECDSA instead of RSA ... just saying
@teresko why is ECDSA better than RSA?
Take a look at this: http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys/46781#46781
Maybe we could improve the security by adding more bits to the key, like:
ssh-keygen -t rsa -b 2048
There were some comments here, but they all disappeared. I think coderwall is buggy :(