Thursday, May 16, 2013

Password less login using ssh

Password less login using ssh


Here are the steps you need to take to achieve this.

On your system:
  • run ssh-keygen -t dsa (you can use either dsa or rsa. Both provide almost the same level of security. dsa can only be used for signing where rsa can be used for encryption as well.). Below is a typical command line output for this command.
    • tritium@tritium-pc:~> ssh-keygen -t dsa  
 Generating public/private dsa key pair.  
 Enter file in which to save the key (/home/tritium/.ssh/id_dsa):  
 Enter passphrase (empty for no passphrase):  
 Enter same passphrase again:  
 Your identification has been saved in /home/tritium/.ssh/id_dsa.  
 Your public key has been saved in /home/tritium/.ssh/id_dsa.pub.  
 The key fingerprint is:  
 f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 tritium@tritium-pc
  • The public key i.e id_dsa.pub (or id_rsa.pub in case you used rsa) will be used for authentication. You can enter an empty passpharse (by pressing enter key) or a random string/statement (with spaces) as the passphrase.
  • Login to the remote machine to which you want to enable password less login as yourself which is tritium. If you do not have the user tritium on the remote server you will need to create one. User creation require root user access.
    • To create the user tritium login to the remote machine as root and run the command adduser <username>. Below is a sample run for the command
    • root@Play-area:~$ adduser tritium  
 Adding user `tritium' ...  
 Adding new group `tritium' (1004) ...  
 Adding new user `tritium' (1003) with group `tritium' ...  
 Creating home directory `/home/tritium' ...  
 Copying files from `/etc/skel' ...  
 Enter new UNIX password:   
 Retype new UNIX password:   
 passwd: password updated successfully  
 Changing the user information for anant  
 Enter the new value, or press ENTER for the default  
      Full Name []: Tritium  
      Room Number []:   
      Work Phone []:   
      Home Phone []:   
      Other []:   
 Is the information correct? [Y/n] Y  
      Note: I have used adduser instead of the lower lever useradd. adduser is mostly a wrapper over useradd. It creates the user home directory and copies over the /etc/skel i.e. the .bash files over the created user. 
  • Create the .ssh folder and give it permissions 740.
  • Copy the id_pub.dsa (or id_pub.rsa) file to the directory.ssh and give it the permission 400.
  • Rename the id_pud.dsa (or id_pub.rsa) to authorized_keys.
  • That is it. You are done. Now if ssh the remote machine it will login without promting for your password. It will ask for the passphrase if a non-null passphrase was used.
    • tritium@tritium-pc:~$ ssh 192.168.11.13  
 Linux Play-area 2.6.32-21-generic-pae #32-Ubuntu SMP Fri Apr 16 09:39:35 UTC 2010 i686 GNU/Linux  
 Ubuntu 10.04.4 LTS  
 Welcome to Ubuntu!  
  * Documentation: https://help.ubuntu.com/  
  System information as of Thu May 16 11:47:46 IST 2013  
  System load: 0.0         Memory usage: 47%  Processes:    92  
  Usage of /: 34.2% of 140.68GB  Swap usage:  0%  Users logged in: 0  
  Graph this data and manage this system at https://landscape.canonical.com/  
 33 packages can be updated.  
 28 updates are security updates.  
 New release 'precise' available.  
 Run 'do-release-upgrade' to upgrade to it.  
 *** System restart required ***  
 Last login: Thu May 16 11:42:25 2013 from tritium-pc
Posted by at No comments:
Subscribe to: Posts (Atom)