Home arrow Help Docs arrow Configure SSH without password
Main Menu
Home
Help Docs
Newbies
Corporates
Gnu/Linux Distros
Programming
Databases
Links
Search
Regular
News
Interviews
Aaj Ka Tip
Aaj Ka Command
Community
Blogs
Wiki
Forums
Services
Free Software

Configure SSH without password Print E-mail
Why should I configure SSH without password


Why should I configure SSH without password?


Well, Some packages like openMosix(a Cluster Sofware) requires to execute commands remotely on other cluster nodes to get process list of remote host. For remote executing commands it uses rsh/ssh. SSH is definitely secure that rsh. But SSH must be configured for root to logging into remote system without password. SSH is secure even if you use it to login without being prompted for a password. Here is a one way to configure it.


Installation:


#rpm -ivh sshd_rpm_packeage_from_your_linux_distribution_cd


Configuration:

At first a running secure-shell daemon on the remote site is required. If it is not already running start it with:


/etc/init.d/ssh start


Now you have to generate a keypair for SSH on your local computer whith ssh-keygen.

ssh-keygen


You will be prompt for a passphrase for that keypair. The passphrase normally is longer than a password and may be a whole sentence. The keypair is encrypted with that passphrase and saved in

/root/.ssh/identity //your private key

and

/root/.ssh/identity.pub //your public key


Do NOT give your private-key to anybody!!! Now copy the whole content of /root/.ssh/identity.pub (your public-key which should be one long line) into /root/.ssh/authorized_keys on the remote host. (also copy the content of /root/.ssh/identity.pub to your local /root/.ssh/authorized_keys like you did it with the remote-node because openMosixview needed password-less login to the local-node too!)

If you ssh to this remote host now you will be prompted for the passphrase of your public-key. Giving the right passphrase should give you a login.


What is the advantage right now??? The passphrase is normally a lot longer than a password! The advantage you can get using the ssh-agent. It manages the passphrase during ssh login.

ssh-agent


The ssh-agent is started now and gives you two environment-variables you should set (if not set already). Type:

echo $SSH_AUTH_SOCK

and

echo $SSH_AGENT_PID

to see if they are exported to your shell right now. If not just cut and paste from your terminal. e.g. for the bash-shell:

SSH_AUTH_SOCK=/tmp/ssh-XXYqbMRe/agent.1065

export SSH_AUTH_SOCK

SSH_AGENT_PID=1066

export SSH_AGENT_PID

example for the csh-shell:

setenv SSH_AUTH_SOCK /tmp/ssh-XXYqbMRe/agent.1065

setenv SSH_AGENT_PID 1066


With these variables the remote-sshd-daemon can connect your local ssh-agent by using the socket-file in /tmp (in this example /tmp/ssh-XXYqbMRe/agent.1065). The ssh-agent can now give the passphrase to the remote host by using this socket (it is of course an encrypted transfer)!


You just have to add your public-key to the ssh-agent with the ssh-add command.

ssh-add

Now you should be able to login using ssh to the remote host without being prompted for a passwod!


You could (should) add the ssh-agent and ssh-add commands in your login-profile e.g.

eval `ssh-agent`

ssh-add

Now it is started when you login on your local workstation. You have done it! I wish you secure logins now.


Reference:

http://howto.x-tend.be/openMosix-HOWTO/x1205.html


< Previous   Next >



gnulinuxclub
Join Us
About Us
Contact Us
Support Us
Acknowlegdement
Login(only for dev.)

Royalty Free Images

O'Reilly User Group discount!




Powered By GIMP GIMP
Contact Webmaster Copyleft 2011 gnulinuxclub.org