Thursday, March 26, 2009

Passwordless SSH

So you have a bunch of Ubuntu servers and you use SSH to do administrative tasks on the machines. Typing the password every time you log in to a server is becoming a pain, and you want a way to log straight in without it. That is where key authentication comes in. You can use a program to generate a public and private key pair for your computer. You then distribute your public key to each of your servers, and your authentication will come from the keys and not from a password. Please read through these steps carefully and you can have these useful passwordless SSH logins.
  1. Install OpenSSH on your computer and all of the servers (You probably have done this already).
    sudo apt-get install openssh-server
  2. Generate your public and private keys. When it asks for a passphrase, leave it empty.
    ssh-keygen -t rsa
  3. You now need to distribute your public key (~/.ssh/id_rsa.pub) to each server's .ssh/authorized_keys file. This can be done in several ways.
  4. If you have not made the authorized_keys file on the server, you can do this (it replaces the file, so use it only when none exists yet):
    scp ~/.ssh/id_rsa.pub username@servername:.ssh/authorized_keys
  5. If you have other entries in the authorized_keys file, you can cut and paste between two text editors. Open ~/.ssh/id_rsa.pub in the text editor of your choice on your computer. Open a normal SSH session on the server and open ~/.ssh/authorized_keys in nano, vi, or any other terminal text editor. Copy the text straight from the text editor on your computer to the terminal window. Make sure that it ends up as one line in the authorized_keys file.
WARNING: Not setting a passphrase on your keys can pose a security risk. If someone were to get your private key, they could pose as YOUR computer and access the servers just like you do. Guard your private key with your life.

You can even set this up for other users on the server as well as the root user. It is considered bad practice to log in as root unless you are doing serious administrative tasks. If you run into problems after copying your public key onto your server, simply move your keys out of your .ssh folder and then you can log in to the server using your password to fix the issue. In that case, make sure that your public key is all on one line.
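
Steps 3 to 5 and the one-line check above can be done by a small script run on the server instead of by hand. This is an added example, not part of the original post: the function name install_pubkey and its return codes are hypothetical, and it sets the 700/600 permissions that sshd's StrictModes check expects.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, added example)
#   returns 0 = key appended, 1 = rejected or error, 2 = key already present
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || return 1
    # A public key is exactly one non-empty line; a wrapped paste shows up as several.
    [ "$(grep -c . "$pub")" -eq 1 ] || return 1
    key=$(grep . "$pub")
    # Accept only "<type> <base64> [comment]"; this also rejects a private key file.
    case $key in
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|ecdsa-sha2-*" AAAA"*) ;;
        *) return 1 ;;
    esac

    # With StrictModes on, sshd ignores keys in group/world-writable locations.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on type + key material so a different comment is not a new key.
    material=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$material" "$auth"; then
        return 2
    fi
    # If the last existing entry has no trailing newline, add one so the
    # new key does not get glued onto the end of it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Copy id_rsa.pub to the server under its own name with scp, then call `install_pubkey id_rsa.pub ~/.ssh` there; existing entries are kept and a repeated run does not duplicate the key.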
