Smooth SSH Passwordless Authentication

posted in the early afternoon by Constantinos. Filed under Code, Terminal

This post was originally published in 2008
The tips and techniques explained may be outdated.

This post first appeared on the Voodoo Finance blog which is maintained by my friend Constantinos Michael, and I’m recreating it here with some extensions so I can find the code more easily when I need it.

Using computers remotely is a big part of what I do. Whether I’m at home and need to connect to a computer in the lab, or in the lab or the road and need to connect to my home computer. The way I (and pretty much most other linux users) is through SSH. If you’ve ever had to open more than one ssh connection however, it gets old pretty quickly. First you need to remember the host (and potentially the port, if it’s not standard) of the machine you’re connecting to, and also your username on that machine. After those are typed in, you need to enter your password every time you initiate a new connection. Well, all of the above can be automated with a few quick keystrokes in the terminal.

The first step is to generate an SSH key pair. This private / public key pair will be used to authenticate you on the target machine. As it’s using an RSA key pair, you can probably leave the passphrase empty as the attacker would first need access to your private key. If you’re really paranoid, you can type in an easy password (but you’ll need to type this password in every time you use the key). To generate this key, type the following in a terminal window:

ssh-keygen -t rsa

After this is done, you’re ready to install this key on any remote machine you wish to access. Before you do that however, I suggest setting up some aliases to the target machine so you don’t have to type the host and username every time you wish to log in. To do that, you need to edit (or create) a file called ~/.ssh/config. In this file, you can enter a block of text for each host you wish to create an alias for. You can add as many hosts you want, just make sure there’s an empty line between each configuration. This is an example of what needs to go in this file:

host lab
user admin
HostName www.example.com
port 12345

There are many more options that can go in there, and it mostly depends on your setup. But for anything that you don’t need to specify in the ssh command line, you don’t need to add an option for in this file. For example with the text I provided above, when you type ssh lab in the command line, it will try to connect to www.example.com using the username admin on port 12345. This would be equivalent to typing ssh moc.elpmaxe.wwwnull@nimda -oPort=12345. Much easier, isn’t it?

Now on to the juicy stuff. Create a script that will install your key on the remote machine. To do that, paste these instructions in the terminal:

sudo touch /usr/bin/ssh-install-key ;
sudo chmod a+w /usr/bin/ssh-install-key
echo "cat ~/.ssh/id_rsa.pub | ssh \${1} \"cat - >> ~/.ssh/authorized_keys\"" \
     > /usr/bin/ssh-install-key
sudo chmod a-w+x /usr/bin/ssh-install-key

At this stage, you’re done with the setup. All you need to do is type

ssh-install-key lab

in the terminal window (assuming you’ve set up the above config file with a host called lab), enter your password as many times as you’re prompted, and you’re done! Every subsequent time you wish to connect to this machine, all you need to do is type ssh lab, and you’re immediately connected, no questions asked! (Unless of course you provided a passphrase for your key pair, in which case you will be prompted for that password).

One Response to “Smooth SSH Passwordless Authentication”

  1. 1. Comment by Another Option
    on 2008-04-21 @ 9.05 pm · Quote #2273 ·

    I use this old but great tool “SSH Tunnel Manager”. It works for Tiger and Leopard:
    http://www.macupdate.com/info.php/id/10128

Leave a Reply

Click to quote selected text