SSH Login Without Password

This is the old public/private SSH key switcharoo that allows clients to log into servers without being challenged by a password. This is one of the least secure of the SSH setups, but still beats ftp security by a long run. Here are the steps:

  1. Make sure you have added the RSA key fingerprint of the server to the client’s “known_hosts” file. This is as easy as attempting to ssh to the server and answering YES to the dialogue. The key will then automatically be registered to the “~/.ssh/known_hosts” file. You don’t even need to successfully SSH to the server at this point to get the key registered. This step can actually be avoided as you will register the key in step 3 when you scp.
  2. Generate the client’s SSH key. Just type
    # ssh-keygen -t rsa

    at the prompt (you want an RSA key type), then just hit enter to accept defaults for everything, including leaving the passphrase empty.

  3. Move the client’s public key – “~/.ssh/” to the server. You can do something like this
    # scp ~/.ssh/ hostname:/Users/clatko/

    Where you put the key on the server at this point is irrelevant.

  4. Add the client’s public key to the server user’s “authorized_keys” file. On the server you can “cat” this key to the existing file by doing
    #cat >> .ssh/authorized_keys

    Also, you can add keys across users if you want, but this opens up the ability for abuse (adding a regular users key to root’s authorized_keys file, etc.).

That should do it. If this doesn’t work, you probably have a permissions problem somewhere – SSH is very picky if the wrong permissions exist on the .ssh directory or its contents. .ssh needs 700 and authorized_keys needs 400 (at the very most).

1 thought on “SSH Login Without Password”

Leave a Reply

Your email address will not be published. Required fields are marked *