SSH login without password using public key

Published by botond on 2018. 06. 11. (Monday), 19:44

Introduction

During regular work in the terminal, you often have to connect to other computers through SSH. After a while, it becomes tedious to keep typing passwords when, for example, we have to log in to a server under our control to run a command or look at the log files. Not to mention that the password prompt prevents us from running automated tasks on remote machines that are started from the local machine. This description solves that problem.

 

 

Prerequisites

First, you need the tools to create the public key and send it to the target machine. The most obvious package for this is openssh-client, one of the most common open source SSH client packages on Debian, which contains the commands we need alongside the client itself. If it is not already installed on our system, we install it with the APT package manager:

apt-get install openssh-client

From this package, besides ssh itself, we will need the ssh-keygen and ssh-copy-id commands.

In this example, suppose the source machine from which we want to log in is named localhost and the target machine is named REMOTEHOST. For the sake of simplicity, our username is user on both machines. So user@localhost would like to log in over SSH to user@REMOTEHOST without using a password.

 

Generate a public key

First, generate your own keys on the source machine (user@localhost). To do this, simply run the following command:

ssh-keygen

The program then asks a few questions; press Enter at each one:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
9e:2c:7b:4c:a0:8f:97:b9:5e:ab:50:b8:05:18:f1:55 user@localhost
The key's randomart image is:
+---[RSA 2048]----+
|  o.  ..E        |
|   + .           |
|  . o            |
|     o.          |
|    ..o.S        |
|    .+ o..       |
|    oo.==        |
|    ..=+o.       |
|     o=+.        |
+-----------------+

The generated key pair is placed in /home/user/.ssh/, where the private key of the account is the id_rsa file and the public key is the id_rsa.pub file.

 

It is worth noting here that for normally created SSH users, the generated keys are placed in /home/username/.ssh/. But if, for example, you are using an ISPConfig server environment, the files may be placed under a different path (e.g. under the Document Root, etc.). So watch the file output paths indicated by the ssh-keygen program.

 

Copy public key

Once that is done, use ssh-copy-id to copy the public key to the destination:

ssh-copy-id -i /home/user/.ssh/id_rsa.pub user@remotehost

 

If your destination does not use the default SSH port 22, you can use the -p switch to specify the custom port number for the ssh-copy-id command, just as for ssh:

ssh-copy-id -i /home/user/.ssh/id_rsa.pub -p <port-number> user@remotehost

 

Here, the -i option specifies the path of the public key, so that you can be sure the correct file is copied. The program then copies the key to the destination, but first asks for confirmation of the operation, then asks once for the SSH password of the destination account. So the output is:

The authenticity of host '[remotehost] ([192.168.1.10])' can't be established.
ECDSA key fingerprint is 41:fe:b9:e0:22:4d:20:07:bd:db:80:da:b8:85:25:1e.
Are you sure you want to continue connecting (yes/no)? yes [Enter]
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@remotehost's password: (enter the SSH password of the destination host)

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'user@remotehost'"
and check to make sure that only the key(s) you wanted were added.

We are done with that. Let's test the passwordless login using the ssh command:

ssh user@remotehost

If all went well, the MOTD text will appear immediately, followed by the prompt:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
user@remotehost:~$

 

The copied public key is placed on the destination in the ~/.ssh/authorized_keys file, which can hold any number of public keys. This means that you can log in to the SSH account without a password from any number of source machines whose public key you have copied to the destination.
The public keys in the file are separated by line breaks, so when the file is opened in an editor, the source locations in the form user@host are visible after the keys. This makes it easy to manually remove the public key of a source machine that is no longer needed by deleting its entire line.
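
The manual cleanup described above, as an added shell example that is not part of the original article: it lists the source comments in an authorized_keys file and removes the line of one source while keeping a backup. The function names and the sample file are illustrative assumptions, and the key blobs are placeholders.

```sh
#!/bin/sh
# Added example, not from the original article. Assumption: no key-type
# token (ssh-*, ecdsa-*, sk-*) occurs inside options placed before a key.

# awk helper shared by both functions: comment field(s) of the current line.
KEY_COMMENT='function key_comment(   i, j, c) {
    for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
    for (j = i + 2; j <= NF; j++) c = (c == "" ? "" : c " ") $j
    return c
}'

# list_key_sources FILE: print the comment of every key, one per line.
list_key_sources() {
    awk "$KEY_COMMENT"'
        /^[ \t]*(#|$)/ { next }          # skip comment and blank lines
        { c = key_comment(); print (c == "" ? "(no comment)" : c) }' "$1"
}

# remove_key_source FILE COMMENT: drop every key with exactly that comment.
# The previous content is kept as FILE.bak and the result stays mode 600.
remove_key_source() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    cp -p "$1" "$1.bak" || { rm -f "$tmp"; return 1; }
    awk -v want="$2" "$KEY_COMMENT"'
        /^[ \t]*(#|$)/ { print; next }   # keep comment and blank lines
        key_comment() != want { print }' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$1"
}

# demo_file: write a constructed authorized_keys file (placeholder key
# blobs, not real keys) to a temporary path and print that path.
demo_file() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# keys allowed to log in as user@remotehost
ssh-rsa AAAAB3PLACEHOLDER1 user@localhost
ssh-ed25519 AAAAC3PLACEHOLDER2 user@oldlaptop
from="192.168.1.20" ssh-rsa AAAAB3PLACEHOLDER3 backup@buildhost
EOF
    echo "$f"
}
```

On the destination, `list_key_sources ~/.ssh/authorized_keys` shows which sources can log in, and `remove_key_source ~/.ssh/authorized_keys user@oldlaptop` revokes one of them.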

 

Conclusion

From now on, we can conveniently use the SSH or SCP commands in our shell scripts without having to enter our passwords anywhere. So, for example, cron can execute our remote website backup script or anything else that requires SSH login.
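
Since the key pair above was generated with an empty passphrase, anyone who obtains id_rsa can log in as user@remotehost, so a key meant only for a cron job is worth restricting on the destination. This added example (not from the original article) builds such an authorized_keys line and audits a file for keys that lack the restrictions; the function names, the 192.168.1.5 source address and the /usr/local/bin/backup.sh path are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. from=, command= and restrict
# are OpenSSH authorized_keys options (restrict needs OpenSSH 7.2 or later).
# Address, script path and key blobs below are constructed placeholders.

# restricted_entry PUBKEY_LINE SOURCE_ADDR FORCED_COMMAND
# Print an authorized_keys line that is accepted only from SOURCE_ADDR, always
# runs FORCED_COMMAND, and has forwarding and PTY allocation disabled.
restricted_entry() {
    case $2$3 in
        *\"*) echo "address and command must not contain double quotes" >&2
              return 1 ;;
    esac
    printf 'from="%s",command="%s",restrict %s\n' "$2" "$3" "$1"
}

# audit_key_options FILE: for every key that lacks one of the three options,
# print "source: missing-options".
audit_key_options() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comment and blank lines
        {
            opts = ""
            for (i = 1; i <= NF && $i !~ /^(ssh-|ecdsa-|sk-)/; i++)
                opts = opts " " $i              # text in front of the key type
            miss = ""
            if (opts !~ /[ ,]from="/)          miss = miss " from"
            if (opts !~ /[ ,]command="/)       miss = miss " command"
            if (opts !~ /[ ,]restrict(,|$)/)   miss = miss " restrict"
            if (miss != "") print $(i + 2) ":" miss
        }' "$1"
}

# Constructed sample: one plain key, one partly restricted, one fully restricted.
demo_audit() {
    f=$(mktemp) || return 1
    {
        echo 'ssh-rsa AAAAB3PLACEHOLDER1 user@localhost'
        echo 'from="192.168.1.20" ssh-rsa AAAAB3PLACEHOLDER3 backup@buildhost'
        restricted_entry 'ssh-ed25519 AAAAC3PLACEHOLDER2 cron@localhost' \
            192.168.1.5 /usr/local/bin/backup.sh
    } > "$f"
    audit_key_options "$f"
    rm -f "$f"
}
```

With a forced command in place, the cron job's ssh call runs only that script on the destination, whatever command the client asks for.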