
OpenSSH | Password-less remote login with private/public keys

When accessing remote servers, you often do not want to type out your password every time. To avoid this you need to set up public and private keys. These keys authenticate you and allow you to log in to the remote server without typing your password.

To get started, run the ssh-keygen command on your local machine. This command generates your public and private key files. It first asks where you want to save the key and offers a default file name of ~/.ssh/id_rsa, which is the file the ssh program looks at for a private key if none is specified as a command line argument. Unless you only have one server to connect to, change this name to something else but keep the file inside your ~/.ssh directory. I usually choose the file name to be the name of the remote server. So, for example, if I am going to be creating keys for foo.com, I would start off by doing the following:

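It will then ask you for a passphrase; just press enter, and when it asks for the same passphrase again press enter again. An empty passphrase is what makes the login password-less; it also leaves the private key file unencrypted on disk, so the file alone is enough to log in.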

It will then display some information on the screen and return you to your command prompt.

Now, if you look inside your ~/.ssh directory you will see your public and private key. Your public key ends in .pub.

Notice how the permissions on the files are set.  The private key foo is only readable and writable by you, however everyone can read your public key.

The next step is to transfer your public key to the remote server, so for this example we want to transfer ~/.ssh/foo.pub to the foo.com remote server.

I simply use the scp command giving it the location of my local file and then the user@hostname:path.

In order for the remote server to know which keys are allowed, the public keys need to be placed in the file ~/.ssh/authorized_keys2. To do this we can run ssh and give it a remote command to run.

The above command tells the ssh command to first login to the remote server and then cat out our public key and append it to the authorized_keys2 file.

After this, we should be all set. If you run into any issues with the authorized_keys2 file, check its permissions and make sure that it is only readable and writable by you and no one else.

Finally, to log in to the server we run the same ssh command as before, but we pass it our private key as a command line argument.

This can be made even simpler by creating a ~/.ssh/config file and specifying a server alias with an associated identity file (private key). Take a look at my previous post to read about how to do that.
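The server-side half of the steps above (appending the public key to authorized_keys2 and checking that the file is accessible only to you), written here as an added example and not taken from the original post. The function names `install_pubkey` and `owner_only` are hypothetical, and the target directory is passed as an argument so the script can be tried on a scratch directory before touching a real ~/.ssh.

```shell
#!/bin/sh
# Added example, not the post's own commands. Function names are hypothetical.
# Typical use on the server once foo.pub has been copied there:
#   install_pubkey /path/to/foo.pub "$HOME/.ssh"

# Append a public key to the authorized-keys file exactly once.
# $1 = public key file, $2 = .ssh directory, $3 = file name (the post uses authorized_keys2)
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/${3:-authorized_keys2}"

    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse a private key handed over by mistake; it must never leave your machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi

    # sshd ignores key files that other users can write to, so lock both down.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the file does not end in a newline, add one so keys do not run together.
    if [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # -x whole line, -F fixed string: skip the append if the key is already listed.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# Succeeds only when group and others have no permission bits on the path.
owner_only() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}
```

Running `owner_only` on the key file and on the directory that holds it is a quick first check when key login silently falls back to a password prompt.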

OpenSSH | custom configuration

Every time you log into a server, you must specify your username and password. If the server has a long hostname, this can be frustrating to type repeatedly when you are logging into the server from several different windows. To speed up this process, OpenSSH lets you set up a configuration file that applies aliases to your login information.

For example, this is how the user foo could log in to the server bar.com on the command line using ssh by typing everything out.

Instead of typing this out every time, you can create a config file inside the .ssh directory in your home directory that will hold all of this information and give you an alias to use instead.
