Skip to main content

3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id


ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

This article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.

Step 1: Create public and private keys using ssh-key-gen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_key.

Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]

The above 3 simple steps should get the job done in most cases.

We also discussed earlier in detail about performing SSH and SCP from openSSH to openSSHwithout entering password.

If you are using SSH2, we discussed earlier about performing SSH and SCP without password from SSH2 to SSH2 , from OpenSSH to SSH2 and from SSH2 to OpenSSH.

Using ssh-copy-id along with the ssh-add/ssh-agent

When no value is passed for the option -i and If ~/.ssh/identity.pub is not available, ssh-copy-idwill display the following error message.
jsmith@local-host$ ssh-copy-id -i remote-host
/usr/bin/ssh-copy-id: ERROR: No identities found

If you have loaded keys to the ssh-agent using the ssh-add, then ssh-copy-id will get the keys from the ssh-agent to copy to the remote-host. i.e, it copies the keys provided by ssh-add -Lcommand to the remote-host, when you don’t pass option -i to the ssh-copy-id.
jsmith@local-host$ ssh-agent $SHELL

jsmith@local-host$ ssh-add -L
The agent has no identities.

jsmith@local-host$ ssh-add
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

jsmith@local-host$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa

jsmith@local-host$ ssh-copy-id -i remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
[Note: This has added the key displayed by ssh-add -L]

Comments

Popular posts from this blog

Veritas cluster Interview Questions-2

Please go through questions and answers. Let me know if you have any doubt by leaving comment. Adding and removing cluster node  Q-1 How to add a node in an existing cluster? Ans:    Adding a node into an existing cluster is a multi steps process. 1:       Set up the hardware Before adding a node to an existing cluster, node must be physically connected with the cluster.       1: Connect the VCS private Ethernet controllers       2: Connect the node to the shared storage 2:       Install the VCS software in the node           Install the VCS software and install the license. 3:       Configure LLT and GAB Create the LLT & GAB configuration files (/etc/llthosts, /etc/llttab and /etc/gabtab) in the new node and update the files on the existing node. 4:       Add the node to an existing cluster We have to perform below given tasks in any of the exi...

AUDIT.YML

 --- - name: Update auditd.conf and restart auditd service   hosts: all   become: yes   tasks:     - name: Ensure the line 'disk_full_action = halt' exists in auditd.conf       lineinfile:         path: /etc/audit/auditd.conf         regexp: '^disk_full_action'         line: 'disk_full_action = halt'         state: present       register: disk_full_action_changed     - name: Ensure the line 'disk_error_action = halt' exists in auditd.conf       lineinfile:         path: /etc/audit/auditd.conf         regexp: '^disk_error_action'         line: 'disk_error_action = halt'         state: prese...

Learning Git

git config --global user.name  Yoganandhan Ganesan git config --global user.email gyoganandhan@gmail.com touch one.txt git status git add one.txt To remove the file in git  ------------------------------ git rm --cached one.txt To view the modified file difference  ------------------------------------ git diff To get the log ------------------- git log  git log --oneline --- git ignore file create ------------------------ touch .gitignore create branch -------------- git branch branch_name to change the branch ------------------- git checkout branch_name git checkout master ---------------- delete branch --------------- git branch -d branch_name ---------- to remvoe last commit  ------------------- git checkout . git checkout XXXXXX return to master with perivous position ----------------------------- git checkout master ------------------------------- we do not want to come pack to master ------------------------------------- git reset --hard ID(XXXXXX) git che...