Passwordless secure connections
Posted by wintellect on Fri, 5 Feb 2010 - 08:52
When you try to ssh / sftp to a remote server you'll be asked for a password...
$ ssh foobar
wintellect@foobar's password:
This can make scripting sftp commands difficult. It would be nice to have the connection secured without having to type a password by hand. Here's how...
Firstly, take into account the way I'll use the terms "server" and "client" in this short guide: the "server" is the system we will always connect from (e.g. your workstation), while the "client" is the system you connect to (e.g. the web server).
Generate the ssh keypair on the server (we are using dsa in this example, but it could be rsa):
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/wintellect/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wintellect/.ssh/id_dsa.
Your public key has been saved in /home/wintellect/.ssh/id_dsa.pub.
The key fingerprint is:
01:23:45:67:89:ab:cd:ef:11:22:33:44:aa:bb:cc:dd wintellect@foobar
If you need (or want) to change your passphrase, which is probably a good thing to do occasionally, here's how:
$ ssh-keygen -p -t dsa
Enter file in which the key is (/home/wintellect/.ssh/id_dsa):
Enter old passphrase:
Key has comment '/home/wintellect/.ssh/id_dsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
To allow access to a client system for a given identity, add the public key from $HOME/.ssh/id_dsa.pub (generated on the server) as a line in the file $HOME/.ssh/authorized_keys2 on that system. All keys listed in that file are allowed access.
Now, when you issue any ssh/sftp command you won't be prompted for a password, yet you'll be reaping the full benefits of a secure connection.
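The authorized_keys2 step above, as an added shell example (not part of the original post): it refuses a private key, checks that the file holds one public key line, sets modes that satisfy sshd's StrictModes check (no group or world write access), and appends the key only once. The function name install_pubkey, its arguments and the key line in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example; install_pubkey and its arguments are hypothetical names.
install_pubkey() {
    pubfile=$1
    sshdir=$2
    authfile=$sshdir/authorized_keys2   # file name used in this guide

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Refuse a private key: id_dsa stays on the system that generated it.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile is a private key; use the .pub file" >&2
        return 2
    fi

    # Require exactly one line shaped like "<type> <base64> [comment]".
    [ "$(grep -c '' "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    grep -Eq '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+=*( .*)?$' "$pubfile" \
        || { echo "$pubfile is not a public key line" >&2; return 3; }
    key=$(cat "$pubfile")

    # Owner-only access to the directory and the key list.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 4
    ( umask 077; touch "$authfile" ) && chmod 600 "$authfile" || return 4

    # Idempotent: append only when the identical line is not already listed.
    grep -qxF -- "$key" "$authfile" || printf '%s\n' "$key" >> "$authfile"
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAconstructedSAMPLEonly wintellect@foobar' \
    > "$demo_dir/id_dsa.pub"
install_pubkey "$demo_dir/id_dsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_dsa.pub" "$demo_dir/.ssh"   # second run adds nothing
ls -ld "$demo_dir/.ssh" "$demo_dir/.ssh/authorized_keys2"
rm -rf "$demo_dir"
```

On the system you connect to, the second argument would be $HOME/.ssh.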