SSH without password or authentication using encrypted keys

Do you have a stand-alone server that you access via ssh numerous times a day, each time entering a password that is more than 10 characters long?

Here you can learn how to fix this problem.

SSH Keys. Or Identity / Pubkey method

With the Identity / Pubkey method of authentication, static passwords are not used. Instead of typing a password every time, where it can be intercepted by a keylogger, you keep keys on disk and they are used for authentication.

Here are some of the positive aspects of this type of authentication:

  • No one can log in to the server with your account, because they would need both the private key and its passphrase.
  • The server administrator can remove the password of an account to rule out its compromise.
  • You can use ssh-agent and it will provide the authentication information for you.
  • You can set certain restrictions, such as prohibiting port forwarding, the execution of certain programs, etc.

Generating SSH keys. Or Identity / Pubkey creation

To generate the keys, use the ssh-keygen program.

localhost $ ssh-keygen -t rsa

The -t rsa option specifies the key type (the possible values are rsa1, rsa or dsa).

SSH server configuration

All of the steps above are done on the local machine; now we have to configure the remote one (the server you will log in to).

We have the keys; now we need to allow this type of authentication on the SSH server. First we define the type of authentication, Pubkey or Identity, by setting the following in sshd_config:

# Should we allow Identity (SSH version 1) authentication?
RSAAuthentication yes
  
# Should we allow Pubkey (SSH version 2) authentication?
PubkeyAuthentication yes
 
# Where do we look for authorized public keys?
# If it doesn't start with a slash, then it is
# relative to the user's home directory
AuthorizedKeysFile    .ssh/authorized_keys

The values above allow Identity / Pubkey authentication for SSH protocol versions 1 and 2, and tell the server to look for the public key in the file $HOME/.ssh/authorized_keys.

Check that these lines are present in the configuration file /etc/ssh/sshd_config; if they are not, add them and restart the service.

Copy the file with key to the remote host

First variant

ssh-copy-id

You must have the ssh-copy-id program installed; with its help, the key is copied in one command:

ssh-copy-id -i ~/.ssh/id_rsa.pub youruser@remote.server.host

"Manual" option

cat ~/.ssh/id_rsa.pub | ssh user@remote.server.host 'mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; cat >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys'

or like this:

localhost$ scp ~/.ssh/id_rsa.pub youruser@remote.server.host:
localhost$ ssh youruser@remote.server.host
remote.server.host$ [ -d ~/.ssh ] || (mkdir ~/.ssh; chmod 700 ~/.ssh)
remote.server.host$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
remote.server.host$ chmod 600 ~/.ssh/authorized_keys
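
The manual steps above, collected into one shell function to run on the server after the scp step (an added example, not code from the original page). The name install_pubkey and its optional second argument are assumptions of this example; it refuses a private key file, appends the key only if it is not already listed, and sets the same 700/600 permissions.

```shell
# Added example (not from the original page); install_pubkey is a hypothetical helper name.
# Usage on the server: install_pubkey ~/id_rsa.pub
install_pubkey() {
    pub=$1
    home=${2:-$HOME}    # assumed optional argument: operate on another home directory
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A private key file carries a "-----BEGIN ... PRIVATE KEY-----" header; never install it.
    if grep -q -e '-----BEGIN' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # A public key is one line: "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }
    ktype=${key%% *}
    rest=${key#* }
    blob=${rest%% *}

    # Same directory and file modes as the manual steps.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Skip the append if this type+blob pair is already listed (the comment may differ).
    if awk -v t="$ktype" -v b="$blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
         END { exit !found }' "$auth"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
}
```
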

All steps are completed and everything is set up. It's time to try:

ssh youruser@remote.server.host