SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


Sidebar

Recently Changed Pages:

View All Pages


View All Tags


LinkedIn




WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.


Pages with comments

View All Comments

sshloginwithoutpassword

SSH Login Without Password

Goal

The goal is to have an automatic login for ssh so my script doens't need any passwords in it's configuration files. Automatic login through SSH works with PKI (public key infrastructure). We want to create a public key which can be placed on the remote server user's .ssh directory.

Source Host

As the user who is going to start the script issue this command (do not enter a passphrase):

bash-3.00$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dbuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dbuser/.ssh/id_rsa.
Your public key has been saved in /home/dbuser/.ssh/id_rsa.pub.
The key fingerprint is:
52:45:7a:ca:85:70:7b:cb:f8:1f:33:7a:50:14:73:83 dbuser@dbserver.company.local

Target Host

You can add the public key to the authorized_keys file manually:

syncuser@syncserver:~/.ssh> ll
total 8
-rw-r--r-- 1 repluser users 1472 2009-01-05 17:12 authorized_keys
-rw-r--r-- 1 repluser users  250 2008-10-10 12:24 known_hosts
 
syncuser@syncserver:~/.ssh> vi authorized_keys

Or you can use this command to ssh from the source host:

cat .ssh/id_rsa.pub | ssh syncuser@swyncserver 'cat >> .ssh/authorized_keys'

Known Hosts

When you try to connect now you get a one time warning if the server is not yet in your list of known hosts:

The authenticity of host 'syncserver,10.10.10.10' can't be established.
RSA key fingerprint is 84:17:4c:27:21:53:ef:fc:6f:57:9d:48:03:c6:17:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'syncserver,10.10.10.10' (RSA) to the list of known hosts.

Authorized Key Is Ignored

If the key is ignored, as in, you still have to enter your password, it could be that the .ssh directory and or authorized key is readable/writable to others than yourself. Fix that by setting the permissions to allow only yourself (chmod 700 .ssh)

You could leave a comment if you were logged in.
sshloginwithoutpassword.txt · Last modified: 2021/09/24 00:25 (external edit)