Monday, May 10, 2010

Autologin with ssh key




Login auto
./instkey.bash dekt1 xviengu
ssh dekt1



SSH Without a Password

The following steps can be used to ssh from one system to another without specifying a password.

Notes:

  • The system from which the ssh session is started via the ssh command is the client.
  • The system that the ssh session connects to is the server.
  • These steps seem to work on systems running OpenSSH.
  • The steps assume that a DSA key is being used. To use a RSA key substitute 'rsa' for 'dsa'.
  • The steps assume that you are using a Bourne-like shell (sh, ksh or bash)
  • Some of this information came from:
    http://www.der-keiler.de/Mailing-Lists/securityfocus/Secure_Shell/2002-12/0083.html

Steps:

  1. On the client run the following commands:
    $ mkdir -p $HOME/.ssh
    $ chmod 0700 $HOME/.ssh
    $ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''
    
    This should result in two files, $HOME/.ssh/id_dsa (private key) and $HOME/.ssh/id_dsa.pub (public key).
  2. Copy $HOME/.ssh/id_dsa.pub to the server.
  3. On the server run the following commands:
    $ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2
    $ chmod 0600 $HOME/.ssh/authorized_keys2
    
    Depending on the version of OpenSSH the following commands may also be required:
    $ cat id_dsa.pub >> $HOME/.ssh/authorized_keys
    $ chmod 0600 $HOME/.ssh/authorized_keys
    
    An alternative is to create a link from authorized_keys2 to authorized_keys:
    $ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys
    
  4. On the client test the results by ssh'ing to the server:
    $ ssh -i $HOME/.ssh/id_dsa server
    
  5. (Optional) Add the following $HOME/.ssh/config on the client:
    Host server
             IdentityFile ~/.ssh/id_dsa
    
    This allows ssh access to the server without having to specify the path to the id_dsa file as an argument to ssh each time.








No comments:

Post a Comment

Labels