Archive for December, 2008

Connect Through SSH Without a Password

December 10, 2008 Leave a comment

lockpickOne day, you will find yourself trying to execute  a command on a remote UNIX box without the need of typing the password. The basis of using this technique relies on public keys which are a kind of digital signatures.

Let’s supose we have a server named “Mailserver” and another server called “Monitor” and you want Monitor to connect every 30 minutes to Mailserver and verify the health of some services.

Anyway, here is the quick-guide:

First of all connect to Monitor with the user of you choice.

Then,  type:

ssh-keygen -t rsa
This command will create the RSA public key of the current user. You will be asked to type a passphrase but it’s not necesary at all; You can just ignore it.

When the command finishes execution, a message will appear telling you the location of the new files. In most cases it is placed in the .ssh/ directory inside your home/ path.

Next, you’ll have to copy the public they to the authorized_keys2 file on the remote server (in this case Mailserver). To make it simple, here is the command (Remember to substitute user and hostname with your own):

scp ~/.ssh/ user@hostname:~/.ssh/authorized_keys2
This will the last time you’ll prompted to type the password. When the transfer finishes, you should be able to ssh from Monitor to Mailserver without being prompted for a pass. 🙂

NOTE: On some UNIX like Solaris the default location of the public-keys can vary from system to system.

NOTE 2: You must have RSAAuthentication yes in your /etc/ssh/sshd_config file. On many Linux installations this setting is commented out in a default install.

Categories: networking, ssh Tags: ,