Skip to main content

Passwordless SSH logins


There are a few cases where having passwordless access to a machine is quite convenient or necessary. I'm looking up for commands that I can just copy and paste to do it right quick. Below are the steps:-

1. Generate key pair:-

       One of the login modes of SSH is to use a SSH key based authentication. A key pair is made up of both a private and a public key. The private key is kept on your local machine very securely while your public key is what you distribute to all the machines you want to log in to. There are a few flavors of keys you can generate, rsa1 (for SSH1), dsa (SSH2), or rsa (SSH2). Most linux admins like DSA. You can (and should) associate a password with your key pair, so that only you can use it even if someone else manages to gain access to your account. Password for key is not recommened when you want to use it for daily tasks or tasks that are done through cron jobs. If you have more than one key pair, using the same password for all key pairs will make them all active at the same time. You can also vary the number of bits used for the key. The more bits you use the harder it will be to crack, but I believe at a nominal performance drop. I was recommended to use 2048 bits. Very well, 2048 bit DSA key it is

ssh-keygen -t dsa -b 2048
# Type in strong password or no password when you don't want any password prompt.

If for some reason you need an rsa key, you can just replace the type with the appropiate argument, -t rsa or -t rsa1.

NOTE: You need to make sure the permissions of the files in this directory are set to allow read/write for the user only (-rw------- or chmod 600 *). The most important files to do this for are the authorized_keys and private keys files. Sometimes logging in will silently fail if you don't have the permissions set correctly.


2. Copy public key to remote machine:-

    Once you made your key pair, you should copy your public key to the remote machine and add it to the remote user's .ssh/authorized_keys file. There are several ways to do this. The easiest one is using the ssh-copy-id command:-

    ssh-copy-id -i ~/.ssh/id_rsa.pub remote-user@remote-host

You can also use below command:-

cat ~/.ssh/id_dsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'

or you can manually transfer the pub file to remote machine & put it inside the authorized_keys of remote user.


3.  Login to remote server:-

    As the public key is copied now. We can just login & check if its working:-

    ssh remote-user@remote-host

   It should take you to remote host without asking for password ( if you've not provided any password with key )


It is recommended that once you have the ability to log in remotely as root with keys, you should disable password-based logins via ssh by making sure the following line is in /etc/ssh/sshd_config:-

PermitRootLogin   without-password

Comments

Popular posts from this blog

CentOS / Redhat : Configure CentOS as a Software Router with two interfaces

Linux can be easily configured to share an internet connection using iptables. All you need to have is, two network interface cards as follows: a) Your internal (LAN) network connected via eth0 with static ip address 192.168.0.1 b) Your external WAN) network is connected via eth1 with static ip address 10.10.10.1  ( public IP provided by ISP ) Please note that interface eth1 may have public IP address or IP assigned by ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / Cable router: Step # 1: Enable Packet Forwarding Login as the root user. Open /etc/sysctl.conf file # vi /etc/sysctl.conf Add the following line to enable packet forwarding for IPv4: net.ipv4.conf.default.forwarding=1 Save and close the file. Restart networking: # service network restart Step # 2: Enable IP masquerading In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transceivin

Virtual Box and Alt/Tab Keys

I use virtual box for all my testing activities. It comes too often that I have a virtual box VM window open & I want to switch to my host machine to see some stuff like tutorials etc.. If you press the alt+tab combination it just works inside the VM & doesn't switches to host machine. In these scenarios you can press the host key once ( not hold it ) & then whatever you press goes to host machine. So in general where host key is the default Right Ctrl, just press Right Ctrl once & now press the alt+tab & it will switch you out to host machine. This is really helpful when you have the VM windows open or you're working on seamless mode. Hope it help others too.

Set date and time in Linux

There are few ways to set the date and time on Linux command line. In order to do this, you must login as root and execute the following methods as follow: For you to remember the syntax, issue the command “date” first [root@linuxtechtips ~]# date Mon Aug 20 18:30:29 SGT 2012 Let say you want to change it to Sept 6, 2012, 3pm, just follow the pattern above [root@linuxtechtips ~]# date 090615002012 Thu Sep  6 15:00:00 SGT 2012 where as: 09 = month (September) 06 = day 15 = hour 00 = min 2012 = year Now it’s set, as simple as that: [root@linuxtechtips ~]# date Thu Sep  6 15:00:01 SGT 2012 Another example, you want it to change to 20th of December, 2012, 10:45pm [root@linuxtechtips ~]# date 122022452012 Thu Dec 20 22:45:00 SGT 2012 Viola!!! [root@linuxtechtips ~]# date Thu Dec 20 22:45:03 SGT 2012 Now if you want to challenge yourself, then you can use this as well: Using our example date above, use the date comman