Posted by: kezhong | June 24, 2009

Using ssh/scp without password

Remember that Professor Chan had taught me the approach how to be able to ssh or scp from a host to a server without supplying the password in the lab class. But I had no time to try it, so I thought it is not easy. Today I began to study the diagram he gave us, read Jayakara Kini’s blog, and do the test on Fedora 10, I found in fact it is very easy.

I suppose my machine A is a server and B is a client. On machine B, I create a public and private key pair, send the public key file to machine A, append its contents to the file authorized_keys of the server (Machine A). That’s it!

On client side (Machine B)
1. Generate the public and private key pair.
[joker@b ~]$ ssh-keygen –t rsa
Generating publice/private rsa key pair.
Enter file in which to save the key (/home/joker/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/joker/.ssh/id_rsa.
Your public key has been saved in /home/joker/.ssh/id_rsa.pub.
The key fingerprint is:
81:7d:3d:f0:ca:a1:1c:02:e7:2c:60:0b:4b:9e:c7:76 joker@b.localdomain
The key’s randomart image is:
   … … 

2. Transfer the public key to the server (Machine A)
[joker@b ~]$ scp ~/.ssh/id_rsa.pub joker@a.localdomain:.ssh/id_rsa.pub-hostb 

3. Append the contents of the public key to the file authorized_keys of the server (Machine A)
[joker@b ~]$ ssh joker@a.localdomain
[joker@a ~]$ cd .ssh
[joker@a ~]$ cat id_rsa.pub-hostb >> authorized_keys
[joker@a ~]$ chmod 600 authorized_keys

Logout and return machine B, try to use ssh or scp command, the system didn’t ask me the password anymore.

Finally, I think the diagram of Prof. Chan’s and Jayakara’s blog is worth reading for more understanding. I list the links as below.

 

Reference
The diagram of Prof. Raymond Chan
Jayakara Kini’s Blog


Responses

  1. i found the official one is the best ref i can find.. :-)

    http://sial.org/howto/openssh/publickey-auth/

  2. Step 2 and 3 can be replaced by the below:

    Copy the public key to remote-host using ssh-copy-id

    $ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: