Skip to main content

3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id


ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

This article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.

Step 1: Create public and private keys using ssh-key-gen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_key.

Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]

The above 3 simple steps should get the job done in most cases.

We also discussed earlier in detail about performing SSH and SCP from openSSH to openSSHwithout entering password.

If you are using SSH2, we discussed earlier about performing SSH and SCP without password from SSH2 to SSH2 , from OpenSSH to SSH2 and from SSH2 to OpenSSH.

Using ssh-copy-id along with the ssh-add/ssh-agent

When no value is passed for the option -i and If ~/.ssh/identity.pub is not available, ssh-copy-idwill display the following error message.
jsmith@local-host$ ssh-copy-id -i remote-host
/usr/bin/ssh-copy-id: ERROR: No identities found

If you have loaded keys to the ssh-agent using the ssh-add, then ssh-copy-id will get the keys from the ssh-agent to copy to the remote-host. i.e, it copies the keys provided by ssh-add -Lcommand to the remote-host, when you don’t pass option -i to the ssh-copy-id.
jsmith@local-host$ ssh-agent $SHELL

jsmith@local-host$ ssh-add -L
The agent has no identities.

jsmith@local-host$ ssh-add
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

jsmith@local-host$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa

jsmith@local-host$ ssh-copy-id -i remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
[Note: This has added the key displayed by ssh-add -L]
Labels:

Comments

Post a Comment

Popular posts from this blog

How to reset HP ILO password without reboot when you forgot the admin (root) password: ESX, Windows & Linux

How to reset HP ILO password without reboot when you forgot the admin (root) password: ESX, Windows & Linux This is still a test subject and i gathered all the methods and pasting it here for future reference & need to check whether the below steps are working or not on ESX and ESXI.  I am sure its working for Linux and Windows if the ILO drivers installed. ESX: You can configure the ILO board when you reboot your server and press <F8> but all your VM’s will be powered down. The other way is installing hponcfg in the service console.First we need to download the below three rpm files from HP site. Then copy files to the tmp folder of your server console. Install the rpm files using the following command. [root@esxhost tmp]# rpm -ihv hponcfg-version.linux.rpm hpasm-version.rhel3.i386.rpm hprsm-version.rhel3.i386.rpm Create a Password_ILO_reset.xml file and copy it to your tmp folder. <RIBCL VERSION=”2.0″> <LOGIN USER_LOGIN=”Administ
Post a Comment
Read more

Veritas cluster Interview Questions-2

Please go through questions and answers. Let me know if you have any doubt by leaving comment. Adding and removing cluster node  Q-1 How to add a node in an existing cluster? Ans:    Adding a node into an existing cluster is a multi steps process. 1:       Set up the hardware Before adding a node to an existing cluster, node must be physically connected with the cluster.       1: Connect the VCS private Ethernet controllers       2: Connect the node to the shared storage 2:       Install the VCS software in the node           Install the VCS software and install the license. 3:       Configure LLT and GAB Create the LLT & GAB configuration files (/etc/llthosts, /etc/llttab and /etc/gabtab) in the new node and update the files on the existing node. 4:       Add the node to an existing cluster We have to perform below given tasks in any of the existing node of a cluster          1:Make to cluster configuration R/W           # haconf –makerw           2:Add the new node to the cl
Post a Comment
Read more