Wednesday, February 10, 2010

How to configure password-less authentication with OpenSSH

In my experience as a network admin, it is not a good idea to let users log in with their machine credentials, so I will show you how to log in over SSH using public key and private key authentication.
Note: I presume that you have already installed the openssh-server package.
1. Open a shell and type:
ssh-keygen (this is the ssh utility for public key authentication. It will generate a public key and a private key.)

Generating public/private rsa key pair.
Enter file in which to save the key (/home/cata/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
7a:df:3b:ac:6f:72:24:44:31:9d:c1:61:bb:59:9f:61 cata@krishnamurti2
The key's randomart image is:
+--[ RSA 2048]----+
|          o+++   |
|          .o+.   |
|         .  . .E |
|          .  +..o|
|        S.  o  ..|
|       .  . .    |
|      . .  +     |
|       . ...=    |
|          o*+o   |
+-----------------+



2. Let's presume you want to log in without a password to the PC named xubuntu (192.168.2.55).

ssh-copy-id -i ~/.ssh/id_rsa.pub cata@192.168.2.55 - this will copy your public key (id_rsa.pub) to the remote system and create the file /home/cata/.ssh/authorized_keys (if it does not already exist), where your public key will be appended.

3. Restart the ssh server on the remote host:

sudo service ssh restart

4. Now from your shell type:

ssh 192.168.2.55 (and you will be logged in without a password)

5. If you want to test that everything is OK, type:

ssh-add -l (this lists the keys that are currently loaded in your ssh agent)
If no keys are listed here and ssh-copy-id reported an error, add a key manually like this:
ssh-add
If you want to delete a key from the agent, do this:
ssh-add -d or ssh-add -D (deletes all keys)
Recommendation
Change the passphrase on your private key at least once a year. To change the passphrase without generating a new key, type:
ssh-keygen -p
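
If ssh-copy-id fails in step 2, the public key can be installed by hand on the remote account. The script below is an added example, not part of the original post: install_pubkey is a hypothetical helper name, and the key text in the demo is constructed and non-functional.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]  (hypothetical helper, run as the remote user)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key: only the .pub half belongs on a server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2
        return 2
    fi

    # Expect exactly one line of the form "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 3 ;;
    esac

    # sshd's StrictModes (on by default) rejects the key file when it or
    # its directory is writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: append only if this exact line is not already there.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already installed"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}

# Demo in a scratch directory with constructed, non-functional key text.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedNotARealKey cata@krishnamurti2' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/dot-ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/dot-ssh"   # second run changes nothing
rm -rf "$demo"
```

On a real host, copy id_rsa.pub to the remote machine first and call install_pubkey with only the file argument so it writes to ~/.ssh/authorized_keys.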
