Linux Tips 2: Password-less SSH logins

Working in SSH is a common thing for me. Instead of developing on my computer with a separate webserver I have evolved into using SSH as much as possible and developing on the deployment server. This approach was learned through headaches with integration errors and frustrations with minor differences in PHP/MySql versions that can really make things hell when there is a tight deadline.

A problem that occurs when you work with SSH a lot is trying to remember all the passwords as well as making sure that your online shell accounts are safe from hackers, which normally means that long and impossible to remember passwords win out. The good news is that there is an alternative method to using passwords and that is using SSH keys. To use SSH one must first generate it on the client side computer (ie the one typing ssh

In *nix (linux, unix, OS X), type in your home directory: ssh-keygen -t rsa Just enter default values in the prompt if you are not sure what they mean. The command will create a .ssh directory in your home directory with two files. id_rsa is a file ssh uses to authenticate with, and contains the public key that you copy to servers.

For Windows users there is a guide for Putty using the Putty Key Generator.

After you have generated the key it is a simple matter of logging into your SSH server with a password for the last time. In your home directory execute the following commands to create a permission correct SSH authentication keys list.

mkdir $HOME/.ssh
touch $HOME/.ssh/authorized_keys
chmod go-w $HOME $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys

The above commands will create a .ssh directory and create a file called authorized_keys and sets the permissions of both to something that the SSH server accepts as secure enough to use. The final step is copying your SSH key ( into the authorized_keys document. Remember that the SSH key is one line even if your default editor may have wrapped the line to make it look like four or five.

Log out of your shell account then back in to see if it works. If it does not check that the key is entered correctly and that your SSH daemon (sshd) settings are correct as well.


Post a Comment