crib sheet: ssh single-login/no password

via: Robert Citek - crib sheet: ssh single-login/no password ( was Re: ssh-keygen )
How to set up a no-password ssh connection from A to B, where A && B == trusted machines

== blank passphrase

1) generate private/public keys on A
$ ssh-keygen -t dsa
press enter when it asks for the filename
press enter when it asks for the passphrase (yes, a blank passphrase)
this will generate two files: ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub

2) put ~/.ssh/id_dsa.pub from A into ~/.ssh/authorized_keys2 on B
$ cat ~/.ssh/id_dsa.pub | ssh B ‘cat >> ~/.ssh/authorized_keys2’

3) make sure all files are not writable or readable except by owner
do this on A and B
$ chmod a-x,go-w,o-r ~/.ssh/*

4) verify it works
$ ssh B ls -la

== single-logon

1) generate private/public keys on A
$ ssh-keygen -t dsa
press enter when it asks for the filename
enter a passphrase
this will generate two files: ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub

2) put ~/.ssh/id_dsa.pub from A in ~/.ssh/authorized_keys2 on B
$ cat ~/.ssh/id_dsa.pub | ssh B ‘cat >> ~/.ssh/authorized_keys2’

3) make sure all files are not writable or readable except by owner
do this on A and B
$ chmod a-x,go-w,o-r ~/.ssh/*

4) use ssh-agent to manage passphrases
$ eval $(ssh-agent)

5) make agent aware of passphrases
$ ssh-add # enter the appropriate passphrase for each remote host

6) verify everything works
$ ssh B ls -la

Advertisements

3 thoughts on “crib sheet: ssh single-login/no password

  1. Don’t expect a response from this guy, Roddy, he actively practices censorship here (deleting comments he doesn’t like the look of).

  2. Robin – no clue what you’re referring to. Shoot me an email if you “have a problem” or whatever.
    Roderick – I’m not sure – this was just a cut/paste refrence for myself. I personally don’t use ssh-add, instead I just create bash aliases for ssh, i.e.

    alias foo=’ssh myuser@foo.host.com

    so in my shell, I just type ffoo and get connected to foo.host.com as mysuer.

Comments are closed.