SSH Passwordless Authentication

To log in remotely without a password and save time with things like mercurial repositories, use passwordless authentication.

Do the following:

1. Create an RSA key-pair with an empty passphrase (no encryption).
2. Copy the public key to the remote server.
3. Add the public key to the authorized_keys file on the remote server.

Here are the steps as you would actually type them (ssh-copy-id does steps 2 and 3):

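    # -N '' sets an empty passphrase, so the private key is stored unencrypted.
    # RSA matches step 1; DSA keys are disabled by default in OpenSSH 7.0 and later.
    ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa
    ssh-copy-id user@remote.example.com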

Here is what you would do without ssh-copy-id.

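    # Generate the key pair (empty passphrase), then copy the public half over.
    # RSA matches step 1; DSA keys are disabled by default in OpenSSH 7.0 and later.
    ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa
    scp ~/.ssh/id_rsa.pub user@remote.example.com:~/id_rsa.pub
    # Create ~/.ssh with owner-only permissions and append the key.
    ssh user@remote.example.com \
        "mkdir -p ~/.ssh; \
        chmod 700 ~/.ssh; \
        touch ~/.ssh/authorized_keys; \
        cat ~/id_rsa.pub >> ~/.ssh/authorized_keys; \
        chmod 600 ~/.ssh/authorized_keys"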

Note: it's usually very bad to do this, because an unencrypted private key lets anyone who can read the file log in as you. Use it only in limited circumstances. To simply avoid typing your password over and over, use SSH Agent.

SSH Agent

You can have ssh cache your private key passphrase so that you only need to enter it once. To do this, ssh uses ssh-agent, which sits in the background and caches the passphrase to your private keys. On most desktop distros such as Ubuntu, an ssh-agent is started when you log in. The ssh-agent doesn't do anything until you add a private key to the cache. The following command adds your private key to the ssh-agent cache:

    ssh-add

The agent will ask you for your passphrase. Now the agent running in the background has your passphrase and private key. When the ssh client later needs to confirm a public key, it first asks the ssh-agent whether it has the key and passphrase cached. If it does, the ssh client can confirm your keys without your help.

Debugging Your Agent

Most distros that feature a display manager such as xdm, gdm, or kdm will start an ssh-agent when you log in. This is started as part of the xinit process. For example, if you use KDE, then kdm is your display manager. Kdm will start X, which starts startkde, which starts ssh-agent.

You can check if an agent is running by using this command:

    # The [s] keeps grep from matching its own process entry.
    ps auxww | grep '[s]sh-agent'

If you don't have an agent running, you can put one in your .xsession, or you can run it manually at any time from the command line:

    exec ssh-agent bash

Possible Problems

Credits: info taken from noah.org

