Wednesday, December 16, 2009

Linux: secure login without entering password (Part 1)


We can use ssh to log in to a remote machine over an encrypted connection. If you are as lazy as me, you will get tired of entering the password on every login. ssh lets you authenticate with a pair of private and public keys instead of the password, and it is very simple to set up.

Step 1: generate the keys
Run command:
    ssh-keygen
It asks you for a passphrase. The passphrase is used to encrypt your private key. If you set one, you will need to enter it whenever you use the private key. In other words, you will need to enter the passphrase each time you log in to the remote machine unless you use ssh-agent (see Part 2). To make it simple, just press Enter to use no passphrase.

A pair of files is generated in ~/.ssh/: id_rsa contains the private key and id_rsa.pub contains the public key. Don't let anyone else access the file id_rsa. If you chose no passphrase, the private key is stored unencrypted, so anyone who steals the file can log in to the remote machine as you.

Step 2: copy the public key to the remote machine
Run command:
    ssh-copy-id [username@]<remote-machine>
And enter your password on the remote machine.

If your machine doesn't come with the script ssh-copy-id, you can manually add the public key from your id_rsa.pub file to the remote machine. On the remote machine, open the file ~/.ssh/authorized_keys and add the public key. Each key must be on one line -- a very long line. Don't add line breaks that split it across multiple lines.
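
The manual step above as a small script, added here as an example and not part of the original post: it refuses a key that has been wrapped across lines, keeps the directory and file owner-only, and avoids merging the new key into an unterminated last line. The helper name `install_pubkey` and the sample key are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post); install_pubkey is a hypothetical helper.
# Usage: install_pubkey <public-key-file> <ssh-dir>   (run on the remote machine)
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # The key must be exactly one line; a key broken across lines will not work.
    n=$(grep -c . "$pub") || true
    if [ "$n" -ne 1 ]; then
        echo "refusing: $pub has $n non-empty lines, expected 1" >&2
        return 1
    fi
    key=$(grep . "$pub")
    # A public key line starts with its type; this also rejects a private key file.
    case "$key" in
        ssh-*\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "refusing: $pub does not look like a public key" >&2; return 1 ;;
    esac

    # Only the owner may access the directory and the file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already installed: nothing to do.
    if grep -qxF -- "$key" "$auth"; then return 0; fi

    # If the last existing line lacks a newline, add one so the keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE me@laptop' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" && cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On the real remote machine the second argument would be ~/.ssh, after copying id_rsa.pub (never id_rsa) there.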

Step 3: login
Now you can log in with the command:
    ssh [username@]<remote-machine>
It won't prompt you for the password any more.

Part 2 shows how to use a passphrase for private/public keys with ssh-agent.
