Passwordless logins
From Linuxintro
Revision as of 14:10, 29 April 2009 by imported>ThorstenStaerk (correcting call to ssh-copy-id)
With Linux, it is possible to log in to a remote computer without having to type a password. You authenticate yourself with your "digital signature" and your public key.
- Goal
- You want to log in using ssh to a remote computer. You do not want to enter a password, but you want maximum security.
- Solution
- Establish a trust relationship so your desktop's ssh key is authorized on your server like this:
desktop:~ # ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: 1c:9a:b8:03:ab:04:b3:7b:75:49:99:8c:51:79:5d:06 root@scorpio
Now you just need to copy your public key to the remote machine so that it can recognize you:
desktop:~ # ssh-copy-id -i .ssh/id_dsa.pub root@server
Of course, you could also alternatively this by hand:
desktop:~ # cat ~/.ssh/id_dsa.pub | ssh root@server "cat >>.ssh/authorized_keys"
In this example, you create a key pair with no passphrase and distribute the public key from the computer desktop to server. The user root from desktop no longer needs to authenticate with his password, he can log in to server from desktop with the command
desktop:~ # ssh server Welcome to server. server:~ #