
3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id


ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permissions to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

This article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.

Step 1: Create public and private keys using ssh-keygen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_keys.

Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]

The above 3 simple steps should get the job done in most cases.
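
The check that the ssh-copy-id message in Step 2 asks for, as an added example (not part of the original article): run on remote-host, it lists each entry in authorized_keys and flags a home directory, ~/.ssh or authorized_keys that is writable by group or others, which sshd rejects under its default StrictModes setting. The function names are this example's own, and the options parsing is simplified to whitespace-separated fields.

```shell
#!/bin/sh
# Added example (not from the original article): audit what ssh-copy-id touched.

# Fail if the path is missing or writable by group or others.
check_mode() {
    # First 10 characters of ls -ld, e.g. drwx------ (drops any ACL/SELinux mark).
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || { echo "MISSING $1"; return 1; }
    case "$perms" in
        # Character 6 is group-write, character 9 is other-write.
        ?????w????|????????w?) echo "BAD $perms $1"; return 1 ;;
    esac
    echo "OK $perms $1"
}

# Check home, ~/.ssh and ~/.ssh/authorized_keys under the given home directory.
audit_ssh_access() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_mode "$p" || rc=1
    done
    return "$rc"
}

# Print "line-number key-type options|no-options comment" for every key,
# so an entry you were not expecting stands out.
list_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comment and blank lines
        {
            # The first field naming a key algorithm is the key type; anything
            # before it is an options field (from=, command=, ...).
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                    print NR, $i, (i > 1 ? "options" : "no-options"), (i + 2 <= NF ? $(i + 2) : "(no comment)")
                    next
                }
            print NR, "UNPARSED"
        }' "$1"
}

# Usage (hypothetical file name): sh audit_ssh.sh /home/jsmith
if [ "$#" -gt 0 ]; then
    list_authorized_keys "$1/.ssh/authorized_keys"
    audit_ssh_access "$1"
fi
```
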

We also discussed earlier, in detail, performing SSH and SCP from OpenSSH to OpenSSH without entering a password.

If you are using SSH2, we discussed earlier performing SSH and SCP without a password from SSH2 to SSH2, from OpenSSH to SSH2 and from SSH2 to OpenSSH.

Using ssh-copy-id along with the ssh-add/ssh-agent

When no value is passed for the option -i and ~/.ssh/identity.pub is not available, ssh-copy-id will display the following error message.
jsmith@local-host$ ssh-copy-id -i remote-host
/usr/bin/ssh-copy-id: ERROR: No identities found

If you have loaded keys into the ssh-agent using ssh-add, then ssh-copy-id will get the keys from the ssh-agent to copy to the remote-host, i.e., it copies the keys provided by the ssh-add -L command to the remote-host when you don’t pass the option -i to ssh-copy-id.
jsmith@local-host$ ssh-agent $SHELL

jsmith@local-host$ ssh-add -L
The agent has no identities.

jsmith@local-host$ ssh-add
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

jsmith@local-host$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa

jsmith@local-host$ ssh-copy-id -i remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
[Note: This has added the key displayed by ssh-add -L]
