Passwordless SSH
setting ssh authorized_keys
– SERVER –
in /etc/ssh/sshd_config set PasswordAuthentication yes to let the server temporarily accept password authentication
– CLIENT –
- generate private and public keys (client side) # ssh-keygen
Pressing just ENTER here gives you the DEFAULT 2 files “id_rsa” and “id_rsa.pub” in ~/.ssh/, but if you give a name_for_the_key the generated files are saved in your pwd
- place your_key.pub on the target machine: ssh-copy-id user_name@host_name
If you did not create the default key, this is the first step to go wrong … you should use
ssh-copy-id -i path/to/key_name.pub user_name@host_name
- logging in with ssh user_name@host_name works only for the default id_rsa, so here is the 2nd trap: for a named key you need ssh -i path/to/key_name user@host
(use ssh -v ... option to see what is happening)
If you are still asked for a password, then you entered something at the Enter passphrase: prompt when you created the keys (so it is normal)
If ssh is not listening on the default port 22, you must use ssh -p port_nr
– SERVER –
- modify /etc/ssh/sshd_config to have
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
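(uncomment if applicable; RSAAuthentication is an SSH protocol 1 option that current OpenSSH releases report as deprecated)
This tells sshd to accept public-key authentication and to look in the user's home directory for the key string written in the .ssh/authorized_keys file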
- set permissions in target machine
chmod 755 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Also turn off password authentication
PasswordAuthentication no
to close the gate to all ssh root/admin/….@your_domain attempts
- ensure ownership and group ownership of all non-root home directories are appropriate.
chown -R username ~/.ssh
chgrp -R username ~/.ssh
- on the client, start the ssh agent daemon and add the key
eval "$(ssh-agent)"
ssh-add ~/.ssh/id_rsa
** SIMPLE WAY **
ssh-copy-id username@ip
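
A check of the server-side end state the steps above aim for, as an added example that is not part of the original notes. It reads a copy of sshd_config the way sshd does (first value for a keyword wins) and tests the write bits on the home directory, ~/.ssh and authorized_keys. The function names, temp paths and sample config are constructed for illustration; on a live server `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example: audit the server-side end state of the steps above.

# Print the value sshd would use for a keyword in the global section.
# sshd keeps the FIRST value it reads; keywords are case-insensitive.
# Assumptions: "Keyword value" lines, no Include files, stop at first Match.
sshd_value() {  # usage: sshd_value <config-file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        $1 ~ /^#/ || NF < 2 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Succeed only if every path exists and is not group- or world-writable, one of
# the conditions StrictModes enforces (755 passes, 775 fails; ownership not checked).
perms_ok() {  # usage: perms_ok <path>...
    for p in "$@"; do
        [ -e "$p" ] || { echo "FAIL: missing $p"; return 1; }
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL: $p is group- or world-writable"; return 1
        fi
    done
}

# Succeed only if password logins are off, key logins are on, permissions are sane.
audit_ssh() {  # usage: audit_ssh <sshd_config> <home-dir>
    rc=0
    [ "$(sshd_value "$1" PasswordAuthentication)" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not 'no' (sshd default is yes)"; rc=1; }
    [ "$(sshd_value "$1" PubkeyAuthentication)" != "no" ] ||
        { echo "FAIL: PubkeyAuthentication is 'no'"; rc=1; }
    perms_ok "$2" "$2/.ssh" "$2/.ssh/authorized_keys" || rc=1
    return "$rc"
}

# Constructed demo: a throwaway home directory and config, not a real system.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh" && : > "$demo/home/.ssh/authorized_keys"
chmod 755 "$demo/home" "$demo/home/.ssh"; chmod 600 "$demo/home/.ssh/authorized_keys"
printf '%s\n' '#PasswordAuthentication yes' 'passwordAuthentication no' \
    'PubkeyAuthentication yes' 'PasswordAuthentication yes' > "$demo/sshd_config"
if audit_ssh "$demo/sshd_config" "$demo/home"; then echo "PASS"; fi
rm -rf "$demo"
```

The later `PasswordAuthentication yes` line in the sample config is ignored because the earlier `no` was read first, which is why a stray duplicate higher up in a real file can silently keep password logins enabled.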