Stanley Lio‎ > ‎

SSH Login Without Password


The scenario: I need to log into a remote server using SSH, but I don't want to type in the name and password every time.

I have read about the password-less login setup in various places online, but none of them seem to make it clear which machine each step is supposed to be carried out on, and using which account. Here's my take:

Let's say I have an account on the remote server called serveruser. To log in as serveruser using SSH from my local machine without typing in my password, execute on my local machine:

ssh-keygen

Follow the prompts (the defaults are good). This generates a private key and a public key, usually stored in the hidden .ssh folder in your home folder. The remote server needs a copy of your public key in order to let you log in (keep your private key private, however). You can view the public key you have just generated with

cat ~/.ssh/id_rsa.pub

Copy the whole string into

~/.ssh/authorized_keys

on the remote server (create the file if it doesn't already exist). A sample public key looks like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQADAAABAQDAnKsvPuLQdb3LtS4YJ28FEEZyRfY5GbpQSbbWjqojBn2AhbXIBo6D7D2c2j2OOcRkh7+3dyX7nyCjn0Yojb21sZxrW26jmT+7Zbi4N88Hexqd20RIjKeECA5ahUq8Kk+vG9qZvozXUR4RLyopn8bQ5240WlenNUxD2am81SxJzfJsMWeQniff9uiCnab+EZrbTn/CxgQex9cvgrbsRtoEUQwpO9bnXJpPhjGZdF/1PfDmDJvsd0NUa/SU8xTCh7aWASLfQIopvxq9GuRe2GyfnW9HO4r0YBuBK4oixJJRVlRF6RLv0LHTjQ34ummPwTEGkwywGPn/9asbS4oBPF5 root@local-machine

Append it to the end of the file on a new line if there are existing keys (wait, who put them there?).

(Also take a look at the ssh-copy-id command. It doesn't always work for me, but it saves some work when it does.)

You're done.
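The remote-side step above as a script. This is an added example, not code from the original page: run it on the remote server as serveruser after copying your .pub file there. The function name install_pubkey is hypothetical; it covers the cases the steps leave open (missing file, missing trailing newline, duplicate key) and sets the file modes sshd expects.

```sh
#!/bin/sh
# Added example. Run on the REMOTE server while logged in as the target
# account (serveruser in the text). install_pubkey is a hypothetical helper.
# Usage: install_pubkey PUBKEY_FILE [AUTHORIZED_KEYS_FILE]
install_pubkey() {
    pub=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}
    dir=$(dirname "$auth")

    # Take the first non-blank line and reject anything that does not look
    # like a public key (pasting the private key file is the mistake to catch).
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # sshd's StrictModes check (on by default) ignores the key file when it
    # or ~/.ssh is writable by other users, so create both with tight modes.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # Key already present: do not add a duplicate line.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the last existing entry lacks a trailing newline, add one first;
    # otherwise the new key is swallowed into that line's comment field
    # and is never matched.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# When run as a script with arguments, install the given key file.
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```

Pass whichever .pub file ssh-keygen created; newer OpenSSH releases default to id_ed25519.pub rather than id_rsa.pub.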

- - - - -

"How does this public-private key thing work?"

"The public key has no identification. How does it know it's you?"
When you copied your public key into the file on the remote server, you were logged in as serveruser. The assumption here is that if you had the power to write to that key file as serveruser, then whoever holds that public-private key pair can be authenticated as serveruser.

"I have other remote servers / github I want to login to. Do I repeat the whole process?"
Nope. To set up another server for password-less login, just copy your public key to that server (without running ssh-keygen again). The public and private keys are used as a pair. If you run ssh-keygen again, your old keys would become invalid (they would be overwritten by ssh-keygen unless specified otherwise).





