Setup RSA Keys for password-less SSH login
- December 13th, 2009
- Posted in Linux . OS-X . sysadmin
- Write comment
If you’re like me then you spend almost all your time SSH’d somewhere and that’s a lot of passwords to remember and enter on a daily basis.
Using RSA Keys would allow you to SSH straight in without being prompted every time.
Which would allow you to go from:
to
Ok, so I cheated a little. I’ve also created and invoked an alias, I’ll explain how later.
Concept
The concept is that you generate a public key on your machine and then enter it into the authorized_keys on the target machine. Then when you ssh you present your key and it’s confirmed against the authorized and provided it’s the same you’re allowed in.
I configured RSA between my Macbook Pro and a remote Centos 5 machine, so paths may vary for your distributions. I’ll do my best to keep it platform ambiguous.
Generate Your Key
The first step is to generate your public key, this is nice and simple. Fire up a terminal and enter:
ssh-keygen -t rsa
It will ask you where to store the keys (it’s default, your home directory is fine) and it will ask if you want to provide a passphrase for the key, you want to leave this blank if you’re after the quick login.
It should look a little like this:
RSA Key Generation
You’ll want to note the location of your id_rsa.pub file as we’ll need this for the next step. In my example it is in:
/Users/greg/.ssh/id_rsa.pub
That’s your keys ready.
Add Key to the Remote Machine
Now we’re ready to get the key onto the remote machine, the simplest method is using SCP. The command is as follows:
scp PATH-TO-.PUB-FILE/id_rsa.pub username@remotehost.com:~
mine was:
scp /Users/greg/.ssh/id_rsa.pub root@192.168.1.200:~
We’ve just SCP’d the key into the home directory of whichever user you connected as. Open up a session to the server and:
cd $HOME
cat id_rsa.pub >> .ssh/authorized_keys
(The .ssh directory didn’t exist for me in root’s $HOME so I created it with mkdir)
That’s the key successfully on the remote host, if you’re lucky ssh’ing to the remote server will work without a password.
For me, I needed to make some config changes to the ssh configuration file on the remote server.
Tweaking /etc/ssh/sshd_config
There were a number of RSA related lines that had been commented out in the config file, I had to un-comment the following:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
RSAAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Creating an alias
You remember that in my example I only entered ‘centos’ and it connected? This is because I created an alias command to run the usual SSH connection line.
You can create your own using the below:
alias CustomCommand="ssh USER@REMOTEHOST"
Mine:
alias centos="ssh root@192.168.1.200"
You’ll also need to add that line to $HOME/.bash_profile if you want it to be permanent.
No comments yet.