 |
Cory's Forums
Track help topics, support/issues, tips/tricks
|
| View previous topic :: View next topic |
| Author |
Message |
clievers
Site Admin
Joined: 07 Sep 2005
Posts: 164
|
 Posted: Sun Oct 29, 2006 3:30 pm Post subject: Configure Remote Authentication for no Password |
 |
|
Let's say you frequently connect to a remote linux box. Normally you would do something like:
ssh user@remotehost
then you enter the password.
Well wouldn't it be nice to be able to just do
ssh user@remotehost
and then be connected, without having to enter a password, or just
ssh remotehost
Why would you want to do this? Well perhaps you can't remember those stinkin' passwords, or you use programs/applications that need to remotely connect and you don't want to display your password in clear text in a conf file. Also, you may remotely connect to a number of different machines, and therefore remembering all the passwords could again pose a problem.
To be able to connect remotely like mentioned above, you just have to set up a public and private key on your local computer and then add the public key to the remote computer.
Step 1:
Generate your key on the local computer using the ssh-keygen program:
When asked for the file to save the key, you can probably just use the default. The default will be the home directory of the user you are logged in as, and then the .ssh directory. Just hit 'Enter' when asked for a passphrase, which is part of this passwordless authentication.
Now there will 2 new files created in this directory, the id_rsa and id_rsa.pub. The id_rsa file is only readable by the user you created it under, as for high security. Do not give or share this file with anyone else or they could also log in to the same remote computer's you do while using that key. The public key is the one you need to share with the remote computer. You must add it to the contents of the remote computer's ~/.ssh/authorized_keys file.
Step 2:
To add the public key you just created to the authorized_keys of the remote computer, type:
| Code: | | ssh user@remotehost "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub |
Of course, replace the user@remotehost with your user and hostname of the remote computer, and enter the password when prompted.
Now you should be able to connect to the remote computer over ssh without being asked for a password.
_________________
Let's all play nice!!
http://www.cory.lievers.ca
Last edited by clievers on Thu Oct 11, 2007 5:56 pm; edited 1 time in total |
|
| Back to top |
|
 |
|
|
clievers
Site Admin
Joined: 07 Sep 2005
Posts: 164
|
| Posted: Mon Jul 30, 2007 1:26 pm Post subject: Passwordless Authentication from Windows |
|
|
Passwordless Authentication from Windows
Okay, so the passwordless authentication works fine from Linux -> Linux, but when you use Putty to connect from Windows, you still gotta enter the darn password. Here's how you can get around that and utilize passwordless authentication as well.
If you go to the putty download page, you will see there are also a couple of other programs "Pageant" and "PuTTYgen". Download these as well. (The putty documentation has more information you may want to look at).
So your first step is to run the PuTTYgen program. Select your appropriate options, for example "SSH2 RSA" and "1024" for bits. Then click the "Generate" button. Move your mouse around until it says it is generating your key. Enter a passphrase (twice) for the [private] key so as to make sure it's secured. Update the comment if necessary. Save both the public key and private key (there are buttons for each) to some place on your hard drive. Copy the big string of text under where it says "Public key for pasting into OpenSSH authorized_keys2 file:"
Open up your putty and connect to your remote box using regular user/password ssh, then edit your ~/.ssh/authorized_keys file and paste the big string you just copied. Ensure it's all on one new line. Save your file and exit.
Now, your ready to use all of this together to get the passwordless authentication going.
Method 1: is in your Configuration for your Putty Connection to the remote box, there is and "Auth" tab under "SSH". They give you the ability to browse to your private key (you just created and saved above). The problem with this, is you'll then be prompted for the private key's passphrase before it will authenticate. So it's not "really" passwordless anymore. The solution around this is Method 2.
Method 2: Remember that other file you downloaded, the Pageant file? Now that comes into play. If you double-click on it, it will open into your system tray. Here you can use the "Add Key" feature, browse to and find your private key you created/saved above, and it will prompt you for the passphrase. Once this is loaded, you can connect to your remote box using putty and passwordless authentication. To get more fancy, so you don't have to open the Pageant manually and load the key file, create yourself a batch file to run on windows startup/login. So, for example, in your My Documents, create a file called "startup.bat". In it, enter the following:
| Code: | @echo off
start "Loading Pageant" /D"C:\Program Files\PuTTY" pageant.exe C:\putty\privatekey.PPK
exit |
This will start the pageant.exe file, found in the "C:\Program Files\PuTTY" folder and pass in the location to your private key you created/saved above. Create a shortcut to this batch file in your Start Menu's | All Programs | Starup folder and when you log into your computer initially, you can enter your passphrase and you're good to go for the rest of your windows session.
Oh, and don't forget, in your Putty connection, don't forget to add your user@ prior to the host name or ip address. So instead of having "ipaddress", you would have "joe@ipaddress". This username ("joe" in this example) is the username on the remote box you saved the key under above (where you edited the ~/.ssh/authorized_keys).
Hope this helps you.
_________________
Let's all play nice!!
http://www.cory.lievers.ca |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search 
Memberlist
Usergroups
Profile
Log in to check your private messages
Log in
