Difference between revisions of "Passwordless logins"

From Linuxintro
imported>ThorstenStaerk
(New page: A passwordless login is possible via ssh if you have established a trust relationship between two computers like this: scorpio:~ # ssh-keygen -t dsa Generating public/private dsa...)
 
imported>ThorstenStaerk
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
A passwordless login is possible via [[ssh]] if you have established a trust relationship between two computers like this:
+
With Linux, it is possible to log in to a remote computer without having to type a password. You authenticate yourself with your "digital signature" and your public key.
  scorpio:~ # [[ssh-keygen]] -t dsa
+
 
 +
;Goal: You want to log in using [[ssh]] to a remote computer without being asked for a password.
 +
 
 +
;Solution: Establish a trust relationship so your desktop's ssh key is authorized on your server like this:
 +
  desktop:~ # ssh-keygen -t dsa
 
  Generating public/private dsa key pair.
 
  Generating public/private dsa key pair.
 
  Enter file in which to save the key (/root/.ssh/id_dsa):
 
  Enter file in which to save the key (/root/.ssh/id_dsa):
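Review bot: The added `desktop:~ # ssh-keygen -t dsa` line renames the host but keeps the DSA key type. OpenSSH limits DSA keys to 1024 bits and has disabled them by default since release 7.0, so a reader following this on a current system ends up with a key the server will not accept. Suggest `ssh-keygen -t ed25519` (or `-t rsa`) here, with the `id_dsa` file names in the later steps updated to match.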
Line 9: Line 13:
 
  The key fingerprint is:
 
  The key fingerprint is:
 
  1c:9a:b8:03:ab:04:b3:7b:75:49:99:8c:51:79:5d:06 root@scorpio
 
  1c:9a:b8:03:ab:04:b3:7b:75:49:99:8c:51:79:5d:06 root@scorpio
  scorpio:~ # scp .ssh/id_dsa.pub root@foo:~/.ssh/authorized_keys
+
 
In this example, you create a key pair with no passphrase and distribute the public key from the computer ''scorpio'' to ''foo''. The user root from scorpio no longer needs to authenticate with his password, he can log in to foo from scorpio with the [[command]]
+
Now you just need to copy your public key to the remote machine so that it can recognize you:
  scorpio:~ # [[ssh]] foo
+
  desktop:~ # ssh-copy-id -i .ssh/id_dsa.pub root@server
  Welcome to foo.
+
 
  foo:~ #
+
In this example, you create a key pair with no passphrase and distribute the public key from the computer ''desktop'' to ''server''. The user root from ''desktop'' no longer needs to authenticate with his password, he can log in to ''server'' from ''desktop'' with the [[command]]
 +
  desktop:~ # ssh server
 +
  Welcome to server.
 +
server:~ #
 +
 
 +
;Explanation: The ssh folder contains a file authorized keys that contains host keys of trusted hosts. ssh-copy-id adds to this file. Instead of calling ssh-copy-id, you can also issue
 +
  desktop:~ # cat ~/.ssh/id_dsa.pub | ssh root@server "cat >>.ssh/authorized_keys"
 +
However, this command is error-prone because on some distributions, e.g. Red Hat, the file authorized_keys needs special permission settings. Better stick to ssh-copy-id.
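Review bot: The new Explanation line calls the file "authorized keys" and says it holds "host keys of trusted hosts". The file is `authorized_keys`, as the added `cat >>.ssh/authorized_keys` line spells it, and it lists the public keys of users allowed to log in to that account; host keys are what `known_hosts` records. Suggest rewording that sentence. The unchanged fingerprint line still reads `root@scorpio` although the prompts were renamed to `desktop`, and the added paragraph mentions the empty passphrase without saying that anyone who can read `/root/.ssh/id_dsa` can then log in to server as root.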

Latest revision as of 17:38, 27 April 2015

With Linux, it is possible to log in to a remote computer without having to type a password. You authenticate yourself with your "digital signature" and your public key.

Goal
You want to log in using ssh to a remote computer without being asked for a password.
Solution
Establish a trust relationship so your desktop's ssh key is authorized on your server like this:
  desktop:~ # ssh-keygen -t dsa
  Generating public/private dsa key pair.
  Enter file in which to save the key (/root/.ssh/id_dsa):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /root/.ssh/id_dsa.
  Your public key has been saved in /root/.ssh/id_dsa.pub.
  The key fingerprint is:
  1c:9a:b8:03:ab:04:b3:7b:75:49:99:8c:51:79:5d:06 root@scorpio

Now you just need to copy your public key to the remote machine so that it can recognize you:

  desktop:~ # ssh-copy-id -i .ssh/id_dsa.pub root@server

In this example, you create a key pair with no passphrase and distribute the public key from the computer desktop to server. The user root from desktop no longer needs to authenticate with his password; he can log in to server from desktop with the command:

  desktop:~ # ssh server
  Welcome to server.
  server:~ #
Explanation
The .ssh folder contains a file authorized_keys that contains host keys of trusted hosts. ssh-copy-id adds to this file. Instead of calling ssh-copy-id, you can also issue:
  desktop:~ # cat ~/.ssh/id_dsa.pub | ssh root@server "cat >>.ssh/authorized_keys"

However, this command is error-prone because on some distributions, e.g. Red Hat, the file authorized_keys needs special permission settings. Better stick to ssh-copy-id.
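
The permission handling that makes the manual append error-prone, written out as an added shell example (not part of the original page). The function name `install_pubkey` and its arguments are hypothetical; it is meant to run on the server against the target user's home directory.

```shell
#!/bin/sh
# Added example, not from the original page. install_pubkey and its
# arguments are hypothetical names.
# Usage (on the server): install_pubkey PUBKEY_FILE HOME_DIR
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only a public key line; a private key file (id_dsa instead of
    # id_dsa.pub) has no such line and is rejected here.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    key=$(grep -E '^(ssh-|ecdsa-|sk-)[A-Za-z0-9@.-]+ [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 1; }

    # Create missing pieces with a restrictive umask, then tighten whatever
    # already existed. With StrictModes (the sshd default) a group- or
    # world-writable .ssh or authorized_keys makes sshd ignore the file.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth" || return 1

    # If the existing file does not end in a newline, add one so the new key
    # is not glued onto the last entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only when this exact line is not already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # On SELinux systems such as Red Hat, restore the expected file labels.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$ssh_dir" 2>/dev/null || true
    fi
    return 0
}
```

Running it twice with the same key leaves a single entry, so it is safe to repeat.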