SSH Key Pair to Login Without Password

By | 2010/06/25

How can I setup ssh to login without having to type the password?

You must first generate what is known as a key pair, then copy the public key to your server.

1. Run this command:

ssh-keygen -t dsa

…which will be followed by:


Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): [Press Enter]
Enter passphrase (empty for no passphrase): [Press Enter]
Enter same passphrase again: [Press Enter]
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
40:f6:6c:e8:96:19:8c:c1:cc:d4:e5:9a:14:fb:c9:eb user@machine
The key's randomart image is:
+--[ DSA 1024]----+
| =o.+.. |
| +*.B |
| . B = |
| o @ . |
| B S |
| . . |
| . |
| . |
| E |
+-----------------+



2. Now you must copy that private key (~/.ssh/id_dsa.pub) onto the server you are connecting to. Append it to a text file on the server located here:

~/.ssh/authorized_keys

You can do this with one command here:

cat ~/.ssh/id_dsa.pub | ssh user@myserver.net "cat - >> ~/.ssh/authorized_keys"

(You will be prompted for your server ssh password to do this command.)

Or on recent Linux distros, you can do:

$ ssh-copy-id user@remotehost

[Optional]
If desired, you can set ssh to only accept public key authentication only. This way, it does not allow persons to try dictionary attacks and such.

Edit this file and make the options as so below:

sudo nano /etc/ssh/sshd_config

PermitRootLogin no

RSAAuthentication yes

PubkeyAuthentication yes

PasswordAuthentication no

And then restart ssh:

sudo /etc/init.d/sshd restart

Done!

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.