SSH is often used to log in without requiring passwords. It requires you to generate your own personal private/public key pair.
RSA security key
Generate a personal private/public key pair (do not use a passphrase):
user1@deby:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
81:95:1a:bd:32:89:3b:c7:34:da:a2:a0:14:24:26:73 user1@deby
The key's randomart image is:
+--[ RSA 2048]----+
| ... |
|+oE .oo |
|=o ..+.. |
| . . B .. |
| . * +S |
|.. = + |
|o. . + |
|. . |
| |
+-----------------+
Let ssh know your public key (here we copy the public ssh key from the client to the remote server):
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
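Secure the .ssh directory so nobody except you can access it (without a passphrase the private key is stored unencrypted, so these permissions are its only protection on disk):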
user1@deby:~$ chmod -R go-rwx .ssh/
user1@deby:~$ ls -la .ssh
total 20
drwx------ 2 user1 user1 4096 2010-06-09 15:33 .
drwxr-xr-x 4 user1 user1 4096 2010-06-09 15:22 ..
-rw------- 1 user1 user1 393 2010-06-09 15:33 authorized_keys
-rw------- 1 user1 user1 1675 2010-06-09 15:22 id_rsa
-rw------- 1 user1 user1 393 2010-06-09 15:22 id_rsa.pub
Troubleshooting ssh localhost login
You might need this when using an existing ssh tunneling feature, e.g. svn+ssh access.
user1@deby:~$ ssh deby
ssh_exchange_identification: Connection closed by remote host
You need to add localhost to /etc/hosts.allow, e.g.:
sshd: localhost
Here is another issue, related to the pam_access module (if it is configured to prohibit local logins):
user1@deby:~$ ssh deby
Connection closed by 127.0.0.1
Here is a rule that prohibits local logins except from localhost (file /etc/security/access.conf):
# Disallow console logins
- : ALL : LOCAL EXCEPT 127.0.0.1
Windows client
If you are using a Windows machine to connect to your remote ssh server with PuTTY, you need a few extra steps to import the private key.
- You need PuTTYgen. Download it from here.
- Import the key. Menu Conversions > Import key.
- Save private key (so PuTTY can understand it): Menu File > Save private key (do not set password).
- Load previously saved session in PuTTY
- In Category select Connection > Data, enter your remote username into Auto-login username
- In Category select Connection > SSH, choose SSH2 as your preferred protocol version
- In Category select Connection > SSH > Auth, browse the private key that you saved with PuTTYgen previously.
- Save your session
ssh-copy-id
Mac OS X doesn't come with ssh-copy-id; here is a single-line command:
cat ~/.ssh/id_rsa.pub | ssh user@machine \
"mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"
You can download the script here.
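An added example (not from the original post or the script it links to): shell functions that install a public key as the one-liner above does, but without duplicating entries and with the permissions from the chmod -R go-rwx step, then audit the directory for any remaining group/other access. The function names install_pubkey and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example; install_pubkey and audit_ssh_dir are hypothetical names.
# Usage: install_pubkey ~/.ssh/id_rsa.pub ~/.ssh && audit_ssh_dir ~/.ssh

# Print every entry under DIR that still grants any group/other permission
# bit (the bits "chmod -R go-rwx" clears). Returns 0 when the tree is clean,
# 1 when something is exposed or DIR does not exist.
audit_ssh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 1; }
    exposed=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# Append each key line in PUBFILE to DIR/authorized_keys unless that exact
# line is already present; creates DIR (0700) and the file (0600) as needed.
install_pubkey() {
    pubfile=$1
    dir=$2
    [ -s "$pubfile" ] || { echo "no public key: $pubfile" >&2; return 1; }
    ( umask 077
      mkdir -p "$dir" && touch "$dir/authorized_keys" ) || return 1
    chmod 700 "$dir" && chmod 600 "$dir/authorized_keys" || return 1
    # Make sure an existing file ends with a newline before appending.
    [ -z "$(tail -c 1 "$dir/authorized_keys")" ] || echo >> "$dir/authorized_keys"
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        grep -qxF -- "$key" "$dir/authorized_keys" ||
            printf '%s\n' "$key" >> "$dir/authorized_keys"
    done < "$pubfile"
}
```

On the remote side the same functions can be run after copying the .pub file over; audit_ssh_dir prints the offending paths, so its output can be fed straight to chmod go-rwx.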