SSH: Password-less authentication


Post updated on Jan 2024


At times, for example when a server runs a script that needs to copy a file to a client via SSH, it is useful if the server can SSH to the client without a password. This is achieved by appending the content of the server’s SSH public key, available in “/<user’s home folder>/.ssh/id_rsa.pub”, to the end of the authorized_keys file on the client, located at “/<user’s home folder>/.ssh/authorized_keys”.

  • Generate the key pair by running the following command on the server and selecting the default options.
    • ssh-keygen
  • On the server, change the permission on the newly created private key
    • chmod 600 <private key>
  • On the server node, go to “/<user’s home folder>/.ssh/” and type the command “ssh-copy-id user@<client node IP>”
  • From the server, test the SSH connection to the client node and see if you can access the client without a password

 

SSH key with a non-default key name and passphrase

At times one may want to create a set of keys with a non-default name, that is, something other than “id_rsa”. The procedure is as follows:

  • [mahesh@miq_and_myob ~]$ ssh-keygen -f ~/.ssh/mykey-with-pass
    • Enter passphrase as Redhat
  • [mahesh@miq_and_myob ~]$ chmod 600 ~/.ssh/mykey-with-pass
  • [mahesh@miq_and_myob ~]$ ssh-copy-id -i ~/.ssh/mykey-with-pass.pub root@192.168.154.132
    • Enter root password
  • [mahesh@miq_and_myob ~]$ ssh -i ~/.ssh/mykey-with-pass root@192.168.154.132
    • Enter passphrase for key '/home/mahesh/.ssh/mykey-with-pass': Redhat

 

Caching ssh passphrase by KeyManager

As seen in the above example, it is convenient to avoid repeatedly typing the passphrase Redhat during a single PuTTY session. If the SSH passphrase is cached, you will not be prompted to type it when executing the command below, taken from the previous section’s example:

  • [mahesh@miq_and_myob ~]$ ssh -i ~/.ssh/mykey-with-pass root@192.168.154.132

To cache the passphrase, use the following commands:

  • [mahesh@miq_and_myob ~]$ exec ssh-agent bash
  • [mahesh@miq_and_myob ~]$ eval $(ssh-agent)
  • [mahesh@miq_and_myob ~]$ ssh-add ~/.ssh/mykey-with-pass

Please NOTE that the above is a temporary setting that works only during one login session of user mahesh. Once user mahesh exits PuTTY and logs back in, the passphrase will be asked for as usual.

 

Configuring default private keys to be used for different hosts

Instead of using the “-i” option to select a particular key for connecting to a certain remote host, we can update a configuration file so that specific keys are used by default when connecting to specific remote hosts.

  • Create the following file
    • [mahesh@miq_and_myob ~]$ vi ~/.ssh/config

Host 192.168.154.132
HostName 192.168.154.132
User root
IdentityFile ~/.ssh/mykey-with-pass

Host 192.168.154.8
HostName 192.168.154.8
User root
IdentityFile ~/.ssh/mykey-with-pass-for-new

  • Change the permission
    • [mahesh@miq_and_myob ~]$ chmod 600 ~/.ssh/config
  • Now try accessing the remote host. You will be prompted to type the passphrase, since one was configured in the example we are using.
    • [mahesh@miq_and_myob ~]$ ssh 192.168.154.132

Enter passphrase for key '/home/mahesh/.ssh/mykey-with-pass': Redhat
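
A quick way to verify the chmod 600 steps above is to audit the SSH directory: the script below is an added example, not part of the original post. It flags private keys and a config file readable by group or others, and IdentityFile entries that point to a missing key. The function names are made up for this example, and it assumes the "IdentityFile <path>" form shown in the config above.

```shell
#!/bin/sh
# Added example: audit the permissions this walkthrough sets with chmod 600.
# Assumes config uses the "IdentityFile <path>" form shown on this page.

# Succeeds when group and other have no permission bits (600 or stricter).
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per line for the SSH directory given as $1.
list_findings() {
    dir=$1
    # Any file with a matching .pub next to it is treated as a private key.
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        key=${pub%.pub}
        if [ -f "$key" ] && ! is_private "$key"; then
            echo "loose permissions: $key"
        fi
    done
    [ -f "$dir/config" ] || return 0
    is_private "$dir/config" || echo "loose permissions: $dir/config"
    # Each IdentityFile named in config must exist and be private.
    awk 'tolower($1) == "identityfile" { print $2 }' "$dir/config" |
    while read -r key; do
        case $key in "~/"*) key=$HOME/${key#"~/"} ;; esac
        if [ ! -f "$key" ]; then
            echo "missing key: $key"
        elif ! is_private "$key"; then
            echo "loose permissions: $key"
        fi
    done
}

# Print de-duplicated findings; exit status is 0 only when there are none.
audit_ssh_dir() {
    out=$(list_findings "${1:-$HOME/.ssh}" | sort -u)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

After sourcing the file, run audit_ssh_dir with no argument to check ~/.ssh, or pass another directory as the first argument.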