Monday, May 23, 2011

How to SSH without password / passphrase


Goal: to login from local machine to Remote machine / Server via ssh without typing password
This simple tutorial explains how to SSH to a remote machine without typing your password. You can use this technique if you find yourself logging in to the same machine frequently and find typing your password tedious. It is also useful in scenarios when you have a script which needs to pull some files from a remote machine or perform a task on a remote machine via SSH, and you want to run this script automatically without having a human to type a password. May be deployed on Cloud , setting up a Hadoop Cluster
These instructions work on Linux and Mac. You can achieve the same result on Windows using Putty, but I haven’t documented the putty specific instructions here.
Step 1 of 2 : On local machine: Generate Authentication Keys
  1. ssh-keygen -t rsa

Accept the default choice. Hit enter.
Enter passphrase (empty for no passphrase):Enter same passphrase again:
Hit enter twice. A passphrase encrypts your private key so that no one can see it. However, you should NOT encrypt your private key if you want a password-less login.
  1. [hadoop@uidlt02 ~]$ ssh-keygen -t rsa  
  2. Generating public/private rsa key pair.  
  3. Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
  4. Enter passphrase (empty for no passphrase):
  5. Enter same passphrase again: 
  6. Your identification has been saved in /home/hadoop/.ssh/id_rsa.
  7. Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
  8. The key fingerprint is:
  9. 53:04:95:b3:d7:ba:aa:2e:90:7a:c0:18:8c:b6:b6:fd hadoop@uidlt02.xxx.com
  10. The key's randomart image is:
  11. +--[ RSA 2048]----+
  12. [hadoop@uidlt02 ~]$

What just happened?
On your local server you just created 2 files in your ~/.ssh directory.
  1. [hadoop@uidlt02 ~]$ ls -l ~/.ssh/
  2. total 16
  3. -rw-------. 1 hadoop hadoop 1675 May 23 15:30 id_rsa
  4. -rw-r--r--. 1 hadoop hadoop 406 May 23 15:30 id_rsa.pub
  5. -rw-r--r--. 1 hadoop hadoop 5488 May 22 04:58 known_hosts
  6. [hadoop@uidlt02 ~]$

id_rsa contains your private key. id_rsa.pub contains your public key.
Step 2 of 2 : On remote machine: authorize password less login
Login to remote machine
  1. ssh hostname -l username

Enter yes and press enter.
Enter your password, and hit enter.
Create a .ssh directory on the remote machine and create a authorized_keys file in that directory. You need to copy the entire contents of your local machine’s ‘id_rsa.pub’ and paste it in the .authorized_keys file on the remote server.
  1. mkdir -p .ssh
  2. chmod 700 .ssh
  3. cd .ssh
  4. touch authorized_keys
  5. chmod 644 authorized_keys
  6. vi authorized_keys
  7. # copy-paste the entire contents of your local machine's ~/.ssh/id_rsa.pub file in authorized_keys
  8. # logout
  9. exit


Important: Make sure you have the right permissions for .ssh directory and authorized_keysfile, as shown in chmod command above otherwise SSH will not honor your authorized_keys.
You should now be able to login to the remote server without typing your password.
  1. # type this command from your local machine
  2. ssh hostname -l username
SSH should log you in without password! Now, you can also scp or rsync (over ssh) without having to enter your password.
Posted by Roy Sudipto at 3:18 AM
Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)