If you have to connect to an SSH server frequently or you want to make a shell script using ssh, you might want to consider connecting to it passwordless. This trick is now new. I have heard about this long time ago but didn't have any necessity for it so I ignored it until recently.
by the time of this writing, I have just completed my script for backup using SSH passwordless. Here I want to share the way I did it in a simple way. I hope it benefits others. Bear in mind that, all ssh utilities like sftp, scp and ssh can use passwordless connection once we complete setup one.
Step 1
- Connect to SSH server and open up sshd_config in /etc/ssh or equivalent. Check your distro documentation.
- Make sure you have the following entries:
# Allow Identity Auth for SSH1?
RSAAuthentication yes
# Allow Identity Auth for SSH2?
PubkeyAuthentication yes
# Authorized Keys File
AuthorizedKeysFile ~/.ssh/authorized_keys
- Make RSA keys using ssh-keygen in your home directory of ssh client.
$ cd ~
$ mkdir identity-test
$ cd identity-test
$ ssh-keygen -f id_rsa -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
c3:af:e9:6c:2f:19:4d:b5:1a:a9:40:06:54:e6:60:08 me@localhost
- look at the created files
$ ls
id_rsa id_rsa.pub
The id_rsa.pub contains the public key and id_rsa contains private key. - copy the content of id_rsa.pub to ~/.ssh/authorized_keys
Two ways to achieve this
1. login to ssh server and paste the content into the file
2. using scp to copy the content into the file - So, let's test logging in with this key. Since we have put the test key in a non-standard place, we will need to reference it explicitly on the command line:
$ ssh username@server -i ~/identity_test/id_rsa
$username@server$ hostname
$server
$username@server$ exit
$ ssh username@server -i $HOME/identity_test/id_rsa "echo Success!"
Success!
$ - In the above examples, if you can login without password then the setup is a success. If not, please recheck the setup.