Mar 17, 2012

Configuring passwordless access to remote systems using the ssh-keygen utility

Passwordless authentication here means that the client is authenticated with a public/private key pair instead of a password.

Generate public/private key pair
The ssh-keygen utility generates the public/private key pair. The generated keys are stored in the .ssh directory under the user's home directory. The private key is never shared and stays on the local machine, whereas the public key is distributed to the machines you want to log in to.

Use the command below to generate an RSA key pair:
ssh-keygen.exe -t rsa
Command for generating a DSA key pair:
ssh-keygen.exe -t dsa

When you run either command, you are prompted to enter a passphrase for the keys. Leave it blank if you want to log in to the remote machine without any password/passphrase prompt.

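Note: Using keys without a passphrase is a security risk, because anyone who can read the private key file can use it to log in. Make sure the permissions of the keys are set to read and write for the user only (run this inside the .ssh directory):
chmod 600 *

Copy public key to the server machine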

After generating the public/private key pair, copy the newly created public key (id_dsa.pub or id_rsa.pub) to the server machine using any secure file transfer utility available.
You can use the scp command to copy the public key to the server machine securely:
scp ~/.ssh/id_rsa.pub user@server:/home/pankajt/id_rsa.pub

Update .ssh/authorized_keys file with the public key

Append the contents of the public key copied to the server machine to the file .ssh/authorized_keys.
Run the command below on the server, from the home directory, to update the authorized_keys file:
cat id_rsa.pub >> .ssh/authorized_keys

Note: Change the permissions of the authorized_keys file to read and write for the user only.
chmod 600 .ssh/authorized_keys

Passwordless SSH login

Log in using the ssh.exe client utility. The client should be able to connect to the remote SSH server without any password or passphrase prompt.
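
The server-side steps above (append the public key, then restrict permissions) can be combined into one repeatable helper that also rejects a file that is not a public key. This is an added example, not code from the original post; the function name install_pubkey, its arguments and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and its
# arguments are assumptions made for illustration.
#
# install_pubkey PUBFILE [SSH_DIR]
#   exit status 0: key appended or already present; 1: input rejected.
# The body runs in a subshell "( )" so umask does not leak to the caller.
install_pubkey() (
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    # Accept exactly one line shaped like "<key-type> <base64> [comment]".
    # A private key (id_rsa instead of id_rsa.pub) fails this check.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; exit 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; exit 1; }
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "not an OpenSSH public key: $pub" >&2; exit 1; }

    # Create the directory and file already restricted, then pin the modes:
    # 700 on the .ssh directory, 600 on authorized_keys.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Match on "type base64" only, so a changed comment is not a new key.
    key=$(cut -d' ' -f1,2 "$pub")
    if grep -Fq -- "$key" "$auth"; then
        echo "already authorized: $pub"
    else
        # $(...) strips the trailing newline; printf adds exactly one back.
        printf '%s\n' "$(cat "$pub")" >> "$auth"
        echo "added: $pub"
    fi
)

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleKey user@client' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # first call appends the key
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second call changes nothing
ls -l "$demo/.ssh/authorized_keys"               # mode should read -rw-------
rm -rf "$demo"
```

On a real server, run it as the target user with the copied file as the only argument so that it writes to that user's own .ssh directory.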

1 comment :

Shanthi Ganesan said...

Very good post thanks a lot for sharing with us by www.quizvook.com
