SSH is ideal for managing remote systems because of its password-less option that uses public/private keys instead of passwords, keeping system passwords safe.
This article uses ssh-copy-id, a utility that greatly simplifies the procedure by copying the local host’s public key to the remote host’s authorized keys file and by verifying file permissions and ownership.
The following steps show how to setup password-less SSH login:
Generating a key pair
Start by generating a key pair. A key pair includes a .pub (public key) that you share with remote computers and a private key that you never share. You can generate the key pair by using the command below and following the prompts, usually just pressing enter the whole time, make sure you do not enter a passphrase:
ssh-keygen -t rsa
The following below is an example of the output of the command:
[root@lz .ssh]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/my_id Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/my_id. Your public key has been saved in /root/.ssh/my_id.pub. The key fingerprint is: 1c:ee:bb:76:b2:42:34:02:e2:85:b6:c9:a5:01:d5:f7 root@lz.test-server.com The key's randomart image is: +--[ RSA 2048]----+ | ..o | |...o . . | |..o.. . o | | . ...oo E | | . ooo.S | | + o.. | | .. . | | . o.. | | .+* | +-----------------+
Verify Keys
Navigate to the directory in which you created the keys and confirm that the above command has succeeded. The output below is what it would look like when your have successfully created the keys:
[root@lz .ssh]#cd /root/.ssh/ [root@lz .ssh]# ls id_dsa identity id_rsa jlan my_id test id_dsa.pub identity.pub id_rsa.pub known_hosts my_id.pub test.pub [root@lz .ssh]#
Copy Public Key to Target System
In this next step, we copy the public key that we generated in the steps above to the target system to allow us to log in successfully. The destination system is lz-dest2 in the example below, copy it to the system that you want password-less SSH access to, which in this example is lz-dest2.
[root@lz .ssh]# ssh-copy-id -i my_id.pub root@lz-dest2
Test Login
At this point you should now be able to login into the remote machine without a password. The command below allows you to try to do just that:
[root@cae .ssh]# ssh lz-dest2 Last login: Sat Oct 2 11:37:55 2010 from lz.test-server.com [root@lz-dest2- ~]#
That’s it. You should be able to login now going forward. Is some cases, on systems where the public key is disabled which is used for passwordless , check the configuration file named /etc/ssh/sshd on the target computer for the following settings:
RSAAuthentication yes PubkeyAuthentication yes
While this is conviniet and secure, anyone with access to the computer with the SSH key would be able to log into the target computer. It’s still generally considered secure than typing your password in regularly.