How to SSH Login without password using key pair


In the last post we saw how to use an Expect script to log in to a remote server over SSH. The problem with an Expect script is that your password is stored in a plain text file and can be compromised. Passwords themselves have a similar problem: anyone who knows your password can easily log in to your remote server.

SSH provides a more secure way to log in: SSH public key authentication, which doesn’t require a password. This method has two levels of security because the private key is also protected by a passphrase, so an attacker will need both the key and the passphrase to log in to the remote server. In this post, we will learn how easily we can set up public key authentication between your local machine and a remote server.

Generate SSH Key Pair

First of all, we need to generate the public and private keys that will be used for SSH authentication. We can generate these using ssh-keygen. The private and public keys need to be generated on the local machine.


pankaj@Pankajs-MacBook-Pro:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/pankaj/.ssh/id_rsa):  <ENTER>  
Enter passphrase (empty for no passphrase): <passphrase>
Enter same passphrase again: <passphrase>
Your identification has been saved in /Users/pankaj/.ssh/id_rsa.
Your public key has been saved in /Users/pankaj/.ssh/id_rsa.pub.
The key fingerprint is:
e7:ad:6c:d8:06:rr:8f:ef:5s:fe:e2:2f:05:9c:5f:b0 pankaj@Pankajs-MacBook-Pro.local
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|              .  |
|             . + |
|        D     E .|
|        .o .   o.|
|         =. .   +|
|        ..=. ..* |
|         oo.o=*o*|
+-----------------+

For better security, you should never leave the passphrase empty. Once the SSH key pair is generated, we are ready to move to the next step.

Setting up Remote Server with Public Key

Once the public key is generated (/Users/pankaj/.ssh/id_rsa.pub), the next task is to copy it over to the remote server. You can use ssh-copy-id for copying the public key to the remote server, but it’s not available in OpenSSH. So you will have to either SFTP the public key over or copy and paste it into the authorized_keys file on the remote server. We also need to change the permissions on the .ssh directory and the authorized_keys file.


pankaj@and [~]# mkdir .ssh
pankaj@and [~]# cd .ssh/
pankaj@and [~/.ssh]# vi authorized_keys  <paste the contents from /Users/pankaj/.ssh/id_rsa.pub>
pankaj@and [~/.ssh]# cd 
pankaj@and [~]# chmod 700 .ssh
pankaj@and [~]# chmod 600 .ssh/authorized_keys

After you are done with the above steps, you can log in to the remote server without using a password.


pankaj@Pankajs-MacBook-Pro:~$ ssh pankaj@journaldev.com
Last login: Mon Jun 10 22:05:25 2013 from c-67-161-57-160.hsd1.ca.comcast.net
pankaj333@and [~]#
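
The remote-side steps above (create .ssh, add the public key, chmod 700 and 600) as a re-runnable shell function, added here as an example and not part of the original post. The names install_pubkey and mode_of are hypothetical, and the key line in the demo is constructed, not a real key.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper name)
# Appends one OpenSSH public key line to HOME_DIR/.ssh/authorized_keys.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A private key must never end up in authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 2
    fi
    key=$(head -n 1 "$pub")
    case $key in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;   # common key types only
        *) echo "refusing: not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # Create with a tight umask, then set the modes used in the steps above.
    ( umask 077; mkdir -p "$dir"; touch "$auth" )
    chmod 700 "$dir"
    chmod 600 "$auth"

    # Keep entries on separate lines even if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# mode_of PATH: prints the ls-style mode string, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo in a throwaway directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE pankaj@example\n' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run adds nothing
echo "entries: $(wc -l < "$demo_home/.ssh/authorized_keys" | tr -d ' ')"
echo "modes:   $(mode_of "$demo_home/.ssh") $(mode_of "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```

With its default StrictModes setting, sshd ignores an authorized_keys file when it or its directory is writable by other users, which is why the modes are set on every run.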

Important Points

  • If you are on Mac OS, the first time you try to log in a Keychain window will pop up asking for the passphrase. You can use the remember password option so that it won’t ask for the passphrase again.
  • If you are on a Unix or Linux system, you will be asked to enter the passphrase when logging in, but you can avoid that using the ssh-agent and ssh-add commands.
    
    pankaj@Pankajs-MacBook-Pro:~$ ssh-agent $SHELL
    pankaj@Pankajs-MacBook-Pro:~$ ssh-add
    Enter passphrase for /Users/pankaj/.ssh/id_rsa: 
    Identity added: /Users/pankaj/.ssh/id_rsa (/Users/pankaj/.ssh/id_rsa)
    pankaj@Pankajs-MacBook-Pro:~$ 
    
  • Make sure to delete the public key file (/Users/pankaj/.ssh/id_rsa.pub) after you have added it to the remote host.

Comments

  1. Jayapandiyan says:

    Hi Pankaj,

    Can you please give me the code? When I am establishing a connection between client and server using SFTP, how do I store the client SSH key in the .ssh/known_host file?
