System Administration

Help me with passwordless login.

 
RAC_1
Honored Contributor

Help me with passwordless login.

I have a requirement to log in without the password. I have to use SSH.
ssh on source is
ssh: SSH Secure Shell 3.1.0 on i686-pc-linux-gnu

On destination, hp ssh. So key-based authentication is now working. I need a way to login without pass. I tried expect, but I am not able to do it. I just need expect to send a pass.
There is no substitute to HARDWORK
6 REPLIES
Court Campbell
Honored Contributor

Re: Help me with passwordless login.

If you created a public/private key pair without a passphrase and put the public key on the host you are trying to connect to, then you should not be asked for a passphrase, nor a password. It sounds like you either put a passphrase on your key, or you don't have public key auth set up correctly.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Doug O'Leary
Honored Contributor

Re: Help me with passwordless login.

Hey;

null-passphrased keys should only be used for batch scripts run via cron. Do not use them for normal interactive shells.

ssh-agent is what you want to use for your interactive keys. The short version is:

1. `ssh-agent` to start the agent.
2. `ssh-add` to add your keys into it.
3. `ssh-add -l` to verify your keys are in it.

You will need to do this for each window you're using. There are methods of sharing ssh-agents across which take longer to go into and, unfortunately, I'm somewhat time restrained atm...

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Court Campbell
Honored Contributor

Re: Help me with passwordless login.

Not using a passphrase is not an issue if you can make sure no one else can get access to your private key. IMO it is a matter of personal preference. But if you do have one, as Doug mentioned, you could use ssh-agent.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
David Child_1
Honored Contributor

Re: Help me with passwordless login.

As Doug pointed out, the agent is a good way to go. I attached a script I use and some stuff to add to your .profile so it will automatically set it up for use. It's a little old and could probably use some tweaking, but it has worked well for me.

David
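
The agent sharing that Doug and David describe, as an added example (it is not David's attached script, which is not reproduced on this page, and not code from any poster). It assumes OpenSSH's ssh-agent and ssh-add; the cache file path AGENT_ENV and the function names are hypothetical.

```shell
# Added example for ~/.profile: one ssh-agent shared by every login shell.
# Assumes OpenSSH; AGENT_ENV is a hypothetical cache file, not an OpenSSH default.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# ssh-add -l exits 0 (keys loaded), 1 (agent up, no keys), 2 (no agent reachable).
agent_alive() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Reuse the cached agent if it still answers; otherwise start one and cache it.
ensure_agent() {
    if agent_alive; then return 0; fi
    if [ -r "$AGENT_ENV" ]; then
        . "$AGENT_ENV"
        if agent_alive; then return 0; fi
    fi
    command -v ssh-agent >/dev/null 2>&1 || return 1
    # umask 077: the file is sourced later, so nobody else may read or write it.
    ( umask 077; ssh-agent -s | grep -v '^echo' > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV"
    agent_alive
}

# In ~/.profile:  ensure_agent && { ssh-add -l >/dev/null 2>&1 || ssh-add; }
```

The passphrase is typed once per agent lifetime, and a stale cache file left by a dead agent is detected and replaced rather than trusted.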
Matti_Kurkela
Honored Contributor

Re: Help me with passwordless login.

Based on the version string, you seem to have a commercial SSH version from ssh.com.

In OpenSSH, you can generate an SSH key by simply running "ssh-keygen -t rsa" or "ssh-keygen -t dsa" (choosing your preferred algorithm), use the default key name and have the key used automatically.

But the commercial SSH requires you to manually create a file named ~/.ssh2/identification, containing a line with the word IdKey and the filename of your private key.
Example .ssh2/identification file content:
------------------------
IdKey id_2048_rsa_a
------------------------

If the file ~/.ssh2/identification does not exist, the commercial SSH client will not even try to authenticate using SSH keys.

If you set an empty passphrase to your SSH key, the key-based authentication will allow you to log in automatically with no password/passphrase prompts at all.

MK
Bill Hassell
Honored Contributor

Re: Help me with passwordless login.

The technique is a fairly simple concept but there are a lot of restrictions. The concept is:

1. generate a public and private key on your local system (such as a PC).
2. Add the public key from your local system to the .ssh/authorized_keys file on the remote system

Now use: ssh remoteSYS date

and you'll see the date on the remote system. Now for all the gotchas(tm):

- The local public key will be much, much longer than your terminal screen. This means special handling when copying and pasting. There must never be any spaces inside the key. The key will be exactly 1-line with 3 words. Verify this with wc:

wc -lw .ssh/id_rsa.pub
1 3 .ssh/id_rsa.pub

1 line, 3 words. The first word is the key type: ssh-rsa, the second word is a very long string of random characters and the last is typically the user@the_local_host, like this:

ssh-rsa AAAAB3Nza...stuff...G+ClGBQ= billh@mycpu23

This one long line must be copied and pasted exactly as one line.

- on the remote system, you need $HOME to contain a .ssh directory and if not already there, create a file called authorized_keys. Then before you forget, set the following permissions at the remote system:

chmod 750 $HOME
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys

where $HOME is the remote system's HOME directory for the user you are setting up for passwordless login. Now append the long string to authorized_keys. Sounds easy but options in your terminal emulator and vi will fight you on this. So rather than use vi, just echo the contents from your local file onto the end of the authorized_keys file:

cat >> $HOME/.ssh/authorized_keys

At the above command, just use the Paste ability of your terminal to supply the cat command with text. Now check the file:

wc -lw $HOME/.ssh/authorized_keys

A single public key will show 1 line and 3 words. If not, edit the authorized_keys file and fix any broken lines.

- Some terminal emulators do not insert the keytype (as in: ssh-rsa) so you can add that to the key. You can also insert some comment lines like:

---- BEGIN SSH2 PUBLIC KEY ----
or
--- START SSH2 KEY for BILLH at CPU23 ---

These comments are ignored.

At this point, all should be working. To test this, on the local machine:

ssh cpu67 date
Tue Apr 29 16:02:57 EDT 2008

which means you connected, authenticated successfully and ran the date command. To simply login to an interactive session, just use ssh . To login as a different remote user, add the username: ssh user2@cpu67 but you'll need to push your public key to the remote system in user2's HOME directory.


Bill Hassell, sysadmin
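
Bill's checks turned into a script, as an added example that is not part of the original post: it rejects a pasted key unless it is one line of three words, appends it only once, and applies the permissions listed above. The function names valid_pubkey and install_pubkey and the paths in the usage comment are assumptions.

```shell
# Added example: validate a pasted public key and install it for one account.
# Run on the remote system as the user being set up.

# Return 0 only if FILE is exactly one line of three words:
# key type, base64 blob, comment (the 1-line/3-word wc check from the post).
valid_pubkey() {
    [ -r "$1" ] || return 1
    awk 'NF != 3 || $1 !~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/ ||
         $2 !~ "^[A-Za-z0-9+/]+=*$" { bad = 1 }
         END { exit (NR == 1 && !bad) ? 0 : 1 }' "$1"
}

# install_pubkey PUBFILE [HOMEDIR]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    if ! valid_pubkey "$pub"; then
        echo "rejecting $pub: not a single 3-word key line" >&2
        return 1
    fi
    auth="$home/.ssh/authorized_keys"
    line=$(cat "$pub")
    mkdir -p "$home/.ssh" || return 1
    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$line" "$auth" 2>/dev/null; then
        printf '%s\n' "$line" >> "$auth" || return 1
    fi
    # Permissions from the post; sshd with StrictModes rejects a home,
    # .ssh or authorized_keys that group or others can write to.
    chmod 750 "$home" && chmod 700 "$home/.ssh" && chmod 600 "$auth"
}

# Usage (constructed path): install_pubkey /tmp/pasted_key.pub
```

A key that was wrapped or had a space inserted during the paste fails valid_pubkey before it ever reaches authorized_keys.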