Password-less authentication SSH

I use this a lot, and you should too. It saves lots of time, but you should also be aware that password-less authentication (and it’s ease) imposes a security risk on your behalf. You should be very cautious when you’re connecting to the remote machines (whether they are testing, staging or production environments, in ascending order of danger) beacuse there is no longer a password threshold reminding you that you’re about to do something that you might not have intended for that machine. Nevertheless, it is a timesaver and it simplifies authentication to machines you’ll often connect to.

This is how to do it. First, check if you have an rsa key pair in your homedir:

$ ls ~/.ssh/id_rsa*

You should have an id_rsa and an id_rsa.pub file there. If not, you need to generate them, using the following command

$ ssh-keygen -t rsa

If you wish, you can add a passphrase for accessing the keys. This is an extra security, which you don’t really need if you don’t hand out your private key to anyone. However, if you feel quirky about entering systems without passwords, you can enter the passphrase anyway. In that case, you will need to enter that password in stead of the password on the remote machine when you want to connect.

Use the ssh-copy-id script to copy your public key to the remote machine’s “~/.ssh/authorized_keys” file. You can do this by hand also, but the script makes it a little bit easier for you:

$ ssh-copy-id remoteuser@remotehost

After you entered the remote password as prompted, the machine’s door will be open to you. In terms of security, a good rule of thumb is not to use password-less authentication unless the firewall restricts ssh access to your ssh client’s machine, or to your office network. Be sensible, but don’t learn every password you’ll get handed over by heart, it’s a waste of time and brainpower.

This entry was posted in Linux & BSD and tagged , , . Bookmark the permalink. Trackbacks are closed, but you can post a comment.

Post a Comment

Your email is never published nor shared.

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Subscribe without commenting