How to do SSH without Password

SSH supports authentification with Public/Private keys. If you create a key with no passphrase, ssh can be used as convenient rsh replacement with many advantages.

Creating a key pair

module load openssh cd ~ mkdir .ssh chmod 755 .ssh cd .ssh ssh-keygen -t dsa chmod 600 id_dsa

Authorizing the key

to authorize a key, put its public part in the file authorized_keys in the .ssh directory.

To authorize the key that you just created type: cd ~/.ssh cat id_dsa.pub >> authorized_keys chmod 644 authorized_keys

Important: The directory ~/.ssh must not be a symbolic link, or none of this will work!

Step by step commands from a Unix shell

  • Open a shell on your local machine and type:
  • ssh-keygen -t dsa (press enter every time it asks you something :)).
  • cd .ssh
  • ls (it should display at least 2 files: id_dsa and id_dsa.pub)
  • scp id_dsa.pub YOUR_USER_NAME@asterix.unibe.ch:~/.ssh/new_authorized_keys
  • ssh YOUR_USER_NAME@asterix.unibe.ch
  • cd .ssh
  • ls
  • If there already is a file named authorized_keys in the directory
    • then copy the contents from the new_authorized_keys in the authorized_keys (cat new_authorized_keys >> authorized_keys),
    • otherwise just rename the file: mv new_authorized_keys authorized_keys.
  • dont delete your local id_dsa!!!

Example: authorize your Mac/PC for kilana:

  • create a key pair on your mac/pc
  • sftp the (public part of the) id_dsa file over to your kilana account (makes it easier to cat the files. Just make sure you do not override the kilana id_dsa file :-) )
  • cat the file with the authorized_keys file as explained above

Tarpits

  • Keep your private key SAFE. (check the file permissions)
  • the home and .ssh directory must not be writable by group and other users.

Links

Last changed by admin on 21 April 2009