SSH tunnel without password
SSH (Secure Shell) allows simple establishment of encrypted and authenticated connections between computers. Today I describe how easy it is to establish such SSH tunnels without using a password. You may need such connections when they have to be opened by daemons (e.g. Cron) without user interaction.
Two words on theory. Password-less connections have to be authenticated at least as strongly as password-based ones, so asymmetric cryptography, which enables certificates, comes into play. The key idea is to have a private and a public key and to share your public key with the hosts that should be able to identify you.
So let's start by generating the needed key pair.
Generating Keys
It is possible to create a key with a passphrase or without one (an empty passphrase). I prefer not to use a passphrase because it is asked for every time ssh is used later. There are ways to give the passphrase to the ssh command, but it is more work, with no significant security benefits. So I run the following command and do not enter any passphrase (just hit Enter at the prompt).
$ ssh-keygen -t rsa
This creates an RSA key pair as the following files in the ~/.ssh directory:
- id_rsa
- id_rsa.pub
Transfer Public keys
The best way to do this is to use the ssh-copy-id program, which is included in many Linux distributions.
$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-user@remote-server.org
In that case everything is done automatically and you are ready after that. But if ssh-copy-id is not available, you can copy the keys manually, e.g. like this:
$ cat ~/.ssh/*.pub | ssh remote-user@remote-server.org 'umask 077; cat >>.ssh/authorized_keys'
Attention! On some Linux distributions SSH2 searches for keys in ~/.ssh/authorized_keys2. This is not the case in current Debian (Lenny), but seems to be so in SuSE Linux.
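The manual copy assumes that .ssh already exists on the remote side, and it appends again on every run. As an added example (not part of the original post), the function below shows what the receiving side has to get right: a single public-key line, a 700 directory, a 600 authorized_keys file and no duplicate entries. The name install_pubkey and its two arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey and its
# arguments are hypothetical names chosen for this illustration.
#
# install_pubkey PUBKEY_FILE SSH_DIR
#   PUBKEY_FILE  file holding exactly one public key line (e.g. id_rsa.pub)
#   SSH_DIR      the account's .ssh directory on the receiving host
install_pubkey() {
    ip_pub=$1
    ip_dir=$2
    ip_auth=$ip_dir/authorized_keys

    [ -r "$ip_pub" ] || { echo "cannot read $ip_pub" >&2; return 1; }

    # A .pub file is a single line; a private key file is many lines.
    [ "$(grep -c . "$ip_pub")" -eq 1 ] ||
        { echo "$ip_pub: expected exactly one key line" >&2; return 1; }
    ip_key=$(grep . "$ip_pub")

    # The line must start with a key type such as ssh-rsa or ssh-ed25519.
    case $ip_key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "$ip_pub: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create missing pieces with a tight umask, in a subshell so the
    # caller's umask is untouched.
    ( umask 077; mkdir -p "$ip_dir" && touch "$ip_auth" ) || return 1

    # Tighten modes that already existed. With StrictModes (the sshd
    # default) group- or world-writable files here make sshd ignore the key.
    chmod 700 "$ip_dir" && chmod 600 "$ip_auth" || return 1

    # If the last existing entry lacks a newline, add one so the new key
    # does not get glued onto it.
    [ -z "$(tail -c 1 "$ip_auth")" ] || echo >> "$ip_auth"

    # Append only if this exact line is not there yet, so repeated runs
    # (e.g. from a provisioning script) do not pile up duplicates.
    if ! grep -qxF -- "$ip_key" "$ip_auth"; then
        printf '%s\n' "$ip_key" >> "$ip_auth"
    fi
}
```

On the remote host it would be called as install_pubkey /path/to/id_rsa.pub ~/.ssh once the public key file has been copied there.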
Test
Now remote login, scp and sftp can be used without a password. Test it:
# establish a connection
$ ssh remote-user@remote-server.org
# or copy files securely and without a password
$ scp /home/user/some-file remote-user@remote-server.org:/some-path/dir/
More information can be found in the SSH-related man pages.