How to set-up SSH for do not requiring a password every time it logs into a remote machine?

It is important to note that, since the SSH protocol is a highly secure
one, it does not accept just the traditonal .rhosts on the users login for
accepting a remote connection without password verification.

The implementation of SSH1 and SS2 are slightly diferent, and from OpenSSH
to SSH2  vary too. Since most of the Linux machines are running OpenSSH2,
we will describe here how to make the “trick” for avoiding a password everytime
when running openssh2 on both client and server.

For detailed information about the class of key verification and encription
that ssh uses, see the ssh and related man pages or online documentation
at http://www.openssh.com/manual.html

The basic idea is, however, that in the cryptosystem that ssh uses (RSA
or/and DSA)  the encription and  decription are done using diferent
keys Basically, what the user (client) needs is to generate a public/private
key pair. The server will know the public key, but only the client will know
the private key.
When the client connects to the server, it  tells its own public key.
If this key is allowed (if it is between the know public keys list on the
server), the server will send a randomic number to the client. This encripted
number can only be decripted if the appropiate decription key is used, and
this decription key is the client’s private one. The client then uses then
its own private key and decript the number. If this is done correctly, the
server will grant the acces with no more questions. As you can see the system
is safe, because the client never tells anybody about its private key; and
this key cannot be inferred using the public one.

What must be done, then , is to generate a public/private key pair, and
copy the public part into the appropiate place on the server side.
For doing this, on the user’s home directory, on the client machine, type

local> ssh-keygen -t dsa -f .ssh/id_dsa

-t tells the type of encription
-f tells where to store the public/private key pairs. In this case, the .ssh directory on home is being used

A password will be asked; leave this part blank, just pressing <enter>
Now, go the .ssh directory, and you will find two new files: id_dsa and
id_dsa.pub. The last one is the public part. Now, copy the public key to the
server machine

local> cd .ssh
local> scp id_dsa.pub user@remote:~/.ssh/id_dsa.pub

Of course, this time you will need to enter the password.
Now, login into the server machine and go to the .ssh directory on the
server side

local> ssh user@remote
remote> cd .ssh

Now, add the client’s public key to the know public keys on the server

remote> cat id_dsa.pub >> authorized_keys2
remote> chmod 640 authorized_keys2
remote> rm id_dsa.pub

remote> exit

and that’s all.
Next time you log into the remote server, no password will be asked.
Note that this sytem will work while none of the machines change its IP
address and for the specific user, so it is still safe.

Leave a Reply

Your email address will not be published. Required fields are marked *

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.