Craig Francis


No Password SSH

If you regularly log in to a server over SSH, typing your password each time becomes very repetitive. It is possible to avoid this, but you really need to consider the security problems this might cause.

The basic theory behind removing the password to log in is that your public key is stored on the remote computer. Later, when your computer tries to connect, the remote computer checks whether your public key (used in the secure connection) can be found in a file of authorised keys.

Setup

First you need a public and private key pair that you use for all communication. Generate this on your computer using:

ssh-keygen -t rsa

When asked for a pass-phrase, leave it blank.

Now copy this public key onto the remote server by:

scp ~/.ssh/id_rsa.pub example.com:
ssh example.com
mkdir -p ~/.ssh/
chmod 700 ~/.ssh/
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

And yes, the Americans have named it "authorized_keys" with a "z".

Future login attempts should now be password free.

Debugging

If the password-less login does not work, or there are other problems with making an SSH connection, you can run the following on the remote server...

/usr/lib/ssh/sshd -D -p 1099 -d -d -d

This sets up a new SSH daemon running in debug mode (level 3).

When it's finished setting itself up, press the [enter] key a few times, so you know where it stopped. Now in a new terminal window on your computer, run:

ssh -p 1099 -v -v -v username@example.com

Scanning through the output in both terminal windows should tell you where it's going wrong - start with the output created on the remote computer.

A common problem is down to file and folder permissions. For example, it is possible that your home directory has group writable permissions, so the SSH daemon does not trust the "authorized_keys" file.
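
A quick way to test for that permissions problem on the remote server, as an added example (not part of the original page): with StrictModes enabled, which is the OpenSSH default, sshd ignores "authorized_keys" if the file, ~/.ssh or the home directory is writable by group or others. The function names are made up for this example, and it only looks at the write bits, not file ownership.

```shell
#!/bin/sh
# Added example: report group/other-writable paths that make sshd
# (StrictModes) distrust authorized_keys. Function names are hypothetical.

# Succeeds (returns 0) if the path is writable by group or by others.
is_loose() {
    # First 10 characters of "ls -ld", e.g. drwxrwxr-x
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;   # group-write or other-write bit set
    esac
    return 1
}

# Check the home directory, ~/.ssh and authorized_keys.
# $1 is the home directory to inspect (defaults to $HOME).
# Returns 0 only if all three exist and none is group/other writable.
check_ssh_perms() {
    home=${1:-$HOME}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing:  $p"
            rc=1
        elif is_loose "$p"; then
            echo "too open: $p ($mode); fix with: chmod go-w $p"
            rc=1
        else
            echo "ok:       $p"
        fi
    done
    return $rc
}

# Run the check when the script is given a home directory as an argument.
if [ $# -gt 0 ]; then check_ssh_perms "$1"; fi
```

Run it on the remote server as the account you are trying to log in with, passing that account's home directory.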

Slow connections

If it takes a while to establish a connection to the remote computer, it might be an issue with the computer trying to do a reverse DNS look-up on your IP address. If that is the case, a quick solution is to take the IP address which you are connecting from and add an entry in the remote computer's /etc/hosts file.