SSH login without password using SSH public/private keys

SSH or Secure SHELL is the most popular and trusted UNIX-based cryptographic network protocol. It can be used for secure data communication, remote server logins, remote command execution, and many other secure network services between two networked servers.

Normally, password authentication is used to connect to a remote server via SSH. In this blog tutorial we will show you how to login to a remote Linux VPS without password, using SSH keys. This method is more secure than using a password.

First of all, we need to generate the public and private keys. We will use the RSA (Rivest-Shamir-Adleman) cryptosystem.

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): PRESS ENTER
Enter passphrase (empty for no passphrase): PRESS ENTER
Enter same passphrase again: PRESS ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
4a:91:e0:19:89:37:41:ce:3e:ff:56:2c:02:eb:65:cb root@LOCALSERVER
The key's randomart image is:
+--[ RSA 2048]----+
|   o=o           |
|  .+++ .         |
|   .=.o          |
|   ..  .         |
|    oo. S.       |
|    .++.. o      |
|   . +oo o       |
|    . E..        |
|       ..        |
+-----------------+

This will create 2048 bit public and private keys in the ‘/root/.ssh/’ directory on your server

ls /root/.ssh/
id_rsa  id_rsa.pub

Create a new ‘.ssh’ directory on the remote server

ssh root@REMOTE_SERVER mkdir -p .ssh

The -p for mkdir will create all directories leading up to the given directory that do not exist already. If the given directory already exists, ignore the error. -p is most often used when using mkdir to build up complex directory hierarchies, in case a necessary directory is missing or already there. For more detail: mkdir wiki

Copy the newly generated public key to the remote server you want to SSH without password

cat /root/.ssh/id_rsa.pub | ssh root@REMOTE_SERVER 'cat >> /root/.ssh/authorized_keys'

Change the permissions of the public key and the ‘.ssh’ directory

ssh root@REMOTE_SERVER "chmod 700 .ssh; chmod 600 .ssh/authorized_keys"

Now, login to the remote server and configure the SSH server to accept key authentication. Open the SSH configuration file

nano /etc/ssh/sshd_config

And make sure that the following three options are not commented and  ‘RSAAuthentication’ and ‘PubkeyAuthentication’ are set to ‘yes’.

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

Save the changes and restart the SSH server

/etc/init.d/sshd restart

That’s all. You should be able to the remote server without password

ssh REMOTE_SERVER

If you use chrome’s secure shell extension, just click the import and select the private key and then connect.

From here

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s