SSH login without password

Apr, 15 -- Categories: Linux

You need to know, if you didn’t already, what this means: anybody that has access to your computer or access to the two RSA keys has complete access to your server without knowing the password.

I REPEAT:
Anybody that has access to your computer or access to the two RSA keys has complete access to your server without knowing the password.

Got it?

But this also means you can now log in without being prompted for username/password and that is sweet. Just maintain some good computer hygiene & keep your computer and your keys safe.

When you google this there are a lot of different instructions, and a lot of different ways for it to go badly. But the short of the deal is you need to get these two files in your .ssh directory on your local computer:

id_rsa
id_rsa.pub

Then you need to get a copy of id_rsa.pub saved into the .ssh directory on the server as authorized_keys, or get the line from your id_rsa.pub added to that file if it already exists. Then, if you have the permissions right, no more being prompted for your password.

So on your local machine do this:

If the .ssh directory doesn’t exist:

mkdir ~/.ssh
chmod 700 ~/.ssh

Then, whether or not you had to create it:

cd ~/.ssh
ssh-keygen -t rsa

Running the key generator looks like this for me:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/me/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/me/.ssh/id_rsa.
Your public key has been saved in /Users/me/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX me@xxxxxpro.local
The key's randomart image is:
+--[ RSA 2048]----+
| &!..()= .|
| . . o.+d@+|
| E * + oo.+*|
| . * . …=|
| S . |
| |
| |
| |
| |
+-----------------+

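Just hit return for no passphrase; that’s what we’re going for here. With no passphrase the private key file (id_rsa) is stored unencrypted, which is why the warning above matters.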

Now you’re halfway there. You need to get the public half of the key to the REMOTE computer and user account you want to log in TO:

scp ~/.ssh/id_rsa.pub you@yoursite.com:/home/youruser/id_rsa.pub

Then log in and append it to authorized_keys:

ssh you@yoursite.com
Password:
mkdir .ssh
chmod 700 .ssh
cat id_rsa.pub >> .ssh/authorized_keys
chmod 644 .ssh/authorized_keys

Then log in again to make sure it worked. I have done this many times, and every time it didn’t work like I expected, it was related to permissions or ownership somewhere.

Then, still on the server, remove the copy you uploaded:
rm id_rsa.pub
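
The permission and ownership failures mentioned above can be checked directly on the server. This is an added example, not part of the original post; it assumes sshd's default StrictModes behaviour, which ignores authorized_keys when the home directory, .ssh or authorized_keys is writable by group or others, or is owned by someone other than the user or root. The function names check_path and check_ssh_perms are made up for this example.

```shell
#!/bin/sh
# Added example: audit the three paths sshd inspects before it will accept
# a key from authorized_keys. Prints one line per problem found.

# check_path PATH UID -> returns 1 if PATH is missing, group/world-writable,
# or owned by someone other than UID or root.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING   $1"
        return 1
    fi
    # ls -ldn prints e.g. "drwx------ 2 501 20 ..." (mode, links, uid, gid)
    set -- "$1" "$2" $(ls -ldn "$1")
    cp_path=$1 cp_want=$2 cp_mode=$3 cp_uid=$5
    cp_bad=0
    # Characters 6 and 9 of the mode string are group-write and other-write.
    cp_gw=$(printf '%s' "$cp_mode" | cut -c6)
    cp_ow=$(printf '%s' "$cp_mode" | cut -c9)
    if [ "$cp_gw" = "w" ] || [ "$cp_ow" = "w" ]; then
        echo "WRITABLE  $cp_path ($cp_mode): fix with chmod go-w"
        cp_bad=1
    fi
    if [ "$cp_uid" != "$cp_want" ] && [ "$cp_uid" != "0" ]; then
        echo "OWNER     $cp_path is owned by uid $cp_uid, expected $cp_want"
        cp_bad=1
    fi
    return "$cp_bad"
}

# check_ssh_perms HOME_DIR -> exit status is the number of bad paths (0-3).
check_ssh_perms() {
    sp_me=$(id -u)
    sp_problems=0
    for sp_p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_path "$sp_p" "$sp_me" || sp_problems=$((sp_problems + 1))
    done
    return "$sp_problems"
}
```

Run `check_ssh_perms "$HOME"` on the server as the account you log in to; no output and exit status 0 means all three paths pass.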