Wednesday, November 30, 2005

SSH without password

Realised that if they took this page off, we'd be done for, so I've decided to duplicate it here.
Courtesy: Ranga

The following steps can be used to ssh from one system to another without specifying a password.

1.
On the client run the following commands:

$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''


This should result in two files, $HOME/.ssh/id_dsa (private key) and $HOME/.ssh/id_dsa.pub (public key).

2.
Copy $HOME/.ssh/id_dsa.pub to the server.

3.
On the server run the following commands:

$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2
$ chmod 0600 $HOME/.ssh/authorized_keys2


Depending on the version of OpenSSH the following commands may also be required:

$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys
$ chmod 0600 $HOME/.ssh/authorized_keys


An alternative is to create a link from authorized_keys2 to authorized_keys:

$ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys

4.
On the client test the results by ssh'ing to the server:

$ ssh -i $HOME/.ssh/id_dsa server

5.
(Optional) Add the following $HOME/.ssh/config on the client:

Host server
IdentityFile ~/.ssh/id_dsa

This allows ssh access to the server without having to specify the path to the id_dsa file as an argument to ssh each time.

Helpful manpages:

* ssh(1)
* ssh-keygen(1)
* ssh_config(5)