Skip to main content

Passwordless SSH logins


There are a few cases where having passwordless access to a machine is quite convenient or necessary. I'm looking up for commands that I can just copy and paste to do it right quick. Below are the steps:-

1. Generate key pair:-

       One of the login modes of SSH is to use a SSH key based authentication. A key pair is made up of both a private and a public key. The private key is kept on your local machine very securely while your public key is what you distribute to all the machines you want to log in to. There are a few flavors of keys you can generate, rsa1 (for SSH1), dsa (SSH2), or rsa (SSH2). Most linux admins like DSA. You can (and should) associate a password with your key pair, so that only you can use it even if someone else manages to gain access to your account. Password for key is not recommened when you want to use it for daily tasks or tasks that are done through cron jobs. If you have more than one key pair, using the same password for all key pairs will make them all active at the same time. You can also vary the number of bits used for the key. The more bits you use the harder it will be to crack, but I believe at a nominal performance drop. I was recommended to use 2048 bits. Very well, 2048 bit DSA key it is

ssh-keygen -t dsa -b 2048
# Type in strong password or no password when you don't want any password prompt.

If for some reason you need an rsa key, you can just replace the type with the appropiate argument, -t rsa or -t rsa1.

NOTE: You need to make sure the permissions of the files in this directory are set to allow read/write for the user only (-rw------- or chmod 600 *). The most important files to do this for are the authorized_keys and private keys files. Sometimes logging in will silently fail if you don't have the permissions set correctly.


2. Copy public key to remote machine:-

    Once you made your key pair, you should copy your public key to the remote machine and add it to the remote user's .ssh/authorized_keys file. There are several ways to do this. The easiest one is using the ssh-copy-id command:-

    ssh-copy-id -i ~/.ssh/id_rsa.pub remote-user@remote-host

You can also use below command:-

cat ~/.ssh/id_dsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'

or you can manually transfer the pub file to remote machine & put it inside the authorized_keys of remote user.


3.  Login to remote server:-

    As the public key is copied now. We can just login & check if its working:-

    ssh remote-user@remote-host

   It should take you to remote host without asking for password ( if you've not provided any password with key )


It is recommended that once you have the ability to log in remotely as root with keys, you should disable password-based logins via ssh by making sure the following line is in /etc/ssh/sshd_config:-

PermitRootLogin   without-password

Comments

Popular posts from this blog

CentOS / Redhat : Configure CentOS as a Software Router with two interfaces

Linux can be easily configured to share an internet connection using iptables. All you need to have is, two network interface cards as follows: a) Your internal (LAN) network connected via eth0 with static ip address 192.168.0.1 b) Your external WAN) network is connected via eth1 with static ip address 10.10.10.1  ( public IP provided by ISP ) Please note that interface eth1 may have public IP address or IP assigned by ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / Cable router: Step # 1: Enable Packet Forwarding Login as the root user. Open /etc/sysctl.conf file # vi /etc/sysctl.conf Add the following line to enable packet forwarding for IPv4: net.ipv4.conf.default.forwarding=1 Save and close the file. Restart networking: # service network restart Step # 2: Enable IP masquerading In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transceivin

Linux Find Command: Find Files Modified On Specific Date

There are many situations in which we have to find out  all files that have been modified on a specific date  using find command under Linux. There are two ways to list files in given directory modified after given date of the current year. The latest version of GNU/find command use the following syntax: Syntax GNU/find latest version: find /path/to/dir -newermt "date" find /path/to/dir -newermt "May 13" find /path/to/dir -newermt "yyyy-mm-dd" ## List all files modified on given date find /path/to/dir -newermt yyyy-mm-dd ! -newermt yyyy-mm-dd -ls ### print all *.sh ### find /path/to/dir -newermt "yyyy-mm-dd" -print -type f -iname "*.sh" The other way of doing this works on the versions of find before v4.3.3: touch -t 02010000 /tmp/timestamp find /usr -newer /tmp/timestamp then we can remove the reference file: rm -f /tmp/stamp$$ To  find out all Shell Script files  (*.sh) in /home/linux/scripts that have been modifie

Shell Script: Find Number Of Arguments Passed

Many times , when we create shell scripts we try to do repetitive tasks through functions. Some functions take arguments & we have to check the no. of arguments that are passed to it. Each bash shell function has the following set of shell variables: [a] All function parameters or arguments can be accessed via  $1, $2, $3,..., $N . [b]  $*  or  $@  holds all parameters or arguments passed to the function. [c]  $#  holds the number of positional parameters passed to the function. [d] An array variable called  FUNCNAME  ontains the names of all shell functions currently in the execution call stack. Example Create a shell script as follows: #!/bin/bash # Purpose: Demo bash function # -----------------------------   ## Define a function called test() test(){   echo "Function name:  ${FUNCNAME}"   echo "The number of positional parameter : $#"   echo "All parameters or arguments passed to the function: '$@'"   e