Skip to main content

Passwordless SSH logins


There are a few cases where having passwordless access to a machine is quite convenient or necessary. I'm looking up for commands that I can just copy and paste to do it right quick. Below are the steps:-

1. Generate key pair:-

       One of the login modes of SSH is to use a SSH key based authentication. A key pair is made up of both a private and a public key. The private key is kept on your local machine very securely while your public key is what you distribute to all the machines you want to log in to. There are a few flavors of keys you can generate, rsa1 (for SSH1), dsa (SSH2), or rsa (SSH2). Most linux admins like DSA. You can (and should) associate a password with your key pair, so that only you can use it even if someone else manages to gain access to your account. Password for key is not recommened when you want to use it for daily tasks or tasks that are done through cron jobs. If you have more than one key pair, using the same password for all key pairs will make them all active at the same time. You can also vary the number of bits used for the key. The more bits you use the harder it will be to crack, but I believe at a nominal performance drop. I was recommended to use 2048 bits. Very well, 2048 bit DSA key it is

ssh-keygen -t dsa -b 2048
# Type in strong password or no password when you don't want any password prompt.

If for some reason you need an rsa key, you can just replace the type with the appropiate argument, -t rsa or -t rsa1.

NOTE: You need to make sure the permissions of the files in this directory are set to allow read/write for the user only (-rw------- or chmod 600 *). The most important files to do this for are the authorized_keys and private keys files. Sometimes logging in will silently fail if you don't have the permissions set correctly.


2. Copy public key to remote machine:-

    Once you made your key pair, you should copy your public key to the remote machine and add it to the remote user's .ssh/authorized_keys file. There are several ways to do this. The easiest one is using the ssh-copy-id command:-

    ssh-copy-id -i ~/.ssh/id_rsa.pub remote-user@remote-host

You can also use below command:-

cat ~/.ssh/id_dsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'

or you can manually transfer the pub file to remote machine & put it inside the authorized_keys of remote user.


3.  Login to remote server:-

    As the public key is copied now. We can just login & check if its working:-

    ssh remote-user@remote-host

   It should take you to remote host without asking for password ( if you've not provided any password with key )


It is recommended that once you have the ability to log in remotely as root with keys, you should disable password-based logins via ssh by making sure the following line is in /etc/ssh/sshd_config:-

PermitRootLogin   without-password

Comments

Popular posts from this blog

Shell Script: Find Number Of Arguments Passed

Many times , when we create shell scripts we try to do repetitive tasks through functions. Some functions take arguments & we have to check the no. of arguments that are passed to it.

Each bash shell function has the following set of shell variables:
[a] All function parameters or arguments can be accessed via $1, $2, $3,..., $N. [b] $* or $@ holds all parameters or arguments passed to the function. [c] $# holds the number of positional parameters passed to the function. [d] An array variable called FUNCNAME ontains the names of all shell functions currently in the execution call stack. ExampleCreate a shell script as follows: #!/bin/bash # Purpose: Demo bash function # ----------------------------- ## Define a function called test() test(){   echo "Function name:  ${FUNCNAME}"   echo "The number of positional parameter : $#"   echo "All parameters or arguments passed to the function: '$@'"   echo }
## Call or invoke the function ## ## Pass the parameters or a…

AMD Radeon™ HD 7670M on Ubuntu 12.04

Update:  Recently I install kubuntu 13.10 and there is no problem with graphics. It just works  fine out of the box.
I've seen many blog posts on how to make AMD HD7670M work on Ubuntu 12.04, specially when its in switchable graphics board like Dell Inspiron 15R 5520. I tried many things to make it work so that I could use the cinnamon desktop on ubuntu & other things too.. But to my surprise even the drivers from AMD site didn't work.
Then I tried a combination of those blog posts I read & somehow I became successful in running the full graphics including compiz settings inside My Ubuntu Machine.
Following are the steps I followed & it worked...
1. Create a backup of your xorg configuration file:
sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.BAK
2. Remove/purge current fglrx and fglrx-amdcccle :
sudo apt-get remove --purge fglrx*
3. Install the driver:
sudo apt-get install fglrx fglrx-amdcccle
4. Install additional components for advanced graphics:
sudo apt-get install xvba-…

CentOS / Redhat : Configure CentOS as a Software Router with two interfaces

Linux can be easily configured to share an internet connection using iptables. All you need to have is, two network interface cards as follows:
a) Your internal (LAN) network connected via eth0 with static ip address 192.168.0.1
b) Your external WAN) network is connected via eth1 with static ip address 10.10.10.1  ( public IP provided by ISP ) Please note that interface eth1 may have public IP address or IP assigned by ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / Cable router: Step # 1: Enable Packet ForwardingLogin as the root user. Open /etc/sysctl.conf file # vi /etc/sysctl.conf
Add the following line to enable packet forwarding for IPv4: net.ipv4.conf.default.forwarding=1
Save and close the file. Restart networking: # service network restart
Step # 2: Enable IP masquerading
In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transceiving network traffic through a router that involves re-writing the source and/or d…