ssh without a password

I do a lot of work that requires me to log in and out of remote machines using SSH. As a result, I prefer to configure my laptop (working machine) to SSH without prompting for a password on those machines I know to be secure.

Here’s how to do it.

Step 1 – the local machine

From the machine I will be using to connect to the remote machine, I run the following from the command line (within the ~/.ssh/ directory):

ssh-keygen -t dsa

Note that I’m using SSH-2 – which if you’re using a new Mac will probably be the default. If you are using SSH-1 you need the command:

ssh-keygen -t rsa1

Then I select the default name for the key and leave the passphrase blank (pressing enter twice).

Now within the ~/.ssh/ directory is a file either called id_dsa.pub or identity.pub (depending on the version of SSH you are using).

Keep note of this file; we’ll need its contents for step 2.

Step 2 – the remote machine

Log in to the remote machine as you normally would. Now add the contents of the .pub file made above to the ‘authorized_keys’ file in ~/.ssh/ – if the file doesn’t exist, you need to create it.

In the example below, I’ve copied the public key file across to the remote machine, and I will delete it after I’m done.

cat id_dsa.pub >> ~/.ssh/authorized_keys

Finally, on the remote machine you want to access, make sure the authorized_keys file is properly chmod’ed:

chmod 600 ~/.ssh/authorized_keys
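
The same step as a reusable helper, added here as an example and not part of the original post: it appends the key only once and sets the modes that sshd's StrictModes check (on by default) insists on, namely no group or world write on the home directory, ~/.ssh or authorized_keys. The function names and the sample key are constructed; the key is ed25519 because current OpenSSH releases no longer accept DSA keys by default.

```sh
#!/bin/sh
# Added example; install_pubkey and perms_ok are hypothetical helper names.

# install_pubkey PUBKEY_FILE [HOME_DIR]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    # Never paste a private key into authorized_keys by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi

    # Owner-only directory and file, created if missing.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$auth"
    chmod 600 "$auth"

    # Append only if this exact line is not already present.
    key=$(head -n 1 "$pub")
    [ -n "$key" ] || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# perms_ok [HOME_DIR]: fail if anything sshd checks is group/world-writable.
perms_ok() {
    home=${1:-$HOME}
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        # Characters 6 and 9 of the ls mode string are the group and
        # other write bits.
        case $(ls -ldL "$p" | cut -c6,9) in
            *w*) echo "too permissive: $p" >&2; return 1 ;;
        esac
    done
}

# Demo in a throwaway directory with a constructed (not real) key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleNotARealKey me@laptop' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo" && perms_ok "$demo" && echo "key installed, permissions ok"
rm -rf "$demo"
```

Running perms_ok on the remote account is a quick first check when sshd keeps falling back to the password prompt.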

Closing up

A word of warning: though it sounds obvious, you can now connect to the remote machine without a password.

This means if your local machine is compromised, you can assume the remote machine is also.

If this happens, delete the entry in authorized_keys on the remote machine and you’ve closed that security problem.
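
One way to do that removal, added as an example rather than taken from the original post: match on the base64 key material (the second field of the .pub file) instead of the trailing comment, which is free text and may differ between copies. revoke_key is a hypothetical helper name and the keys in the demo are constructed.

```sh
#!/bin/sh
# Added example; revoke_key is a hypothetical helper name.

# revoke_key PUBKEY_FILE [HOME_DIR]
# Removes every authorized_keys line carrying the key and prints how many
# lines were removed.
revoke_key() {
    pub=$1
    home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    # Field 2 of a .pub line is the key itself.
    blob=$(awk 'NR == 1 { print $2 }' "$pub")
    [ -n "$blob" ] || { echo "no key material in $pub" >&2; return 1; }

    # Temp file in the same directory (mktemp creates it mode 600), so
    # the final mv replaces authorized_keys in one step.
    tmp=$(mktemp "$auth.XXXXXX")

    # Compare field by field so entries with leading options such as
    # from="..." are caught too.
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) next; print }' \
        "$auth" > "$tmp"

    removed=$(( $(wc -l < "$auth") - $(wc -l < "$tmp") ))
    mv "$tmp" "$auth"
    echo "$removed"
}

# Demo with constructed keys (not real ones).
demo=$(mktemp -d) && mkdir "$demo/.ssh"
echo 'ssh-ed25519 AAAAC3ConstructedKeyOne me@laptop' > "$demo/lost.pub"
cat > "$demo/.ssh/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3ConstructedKeyTwo me@desktop
from="192.0.2.10" ssh-ed25519 AAAAC3ConstructedKeyOne old-laptop
EOF
echo "removed $(revoke_key "$demo/lost.pub" "$demo") entry"
rm -rf "$demo"
```

Removing the line only stops new logins with that key; sessions that are already open stay open.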

You can also use this technique if you’re using CVS and don’t want to be prompted for the password all the time.

I hope that’s of help – I know I keep forgetting it so I needed to write it down somewhere!

15 Responses to “ssh without a password”

  1. Dude, this doesn’t work for me. I still get asked for a password.

  2. Permissions on ~/.ssh/authorized_keys need to be 600, or you’ll still get prompted for a password.

  3. @Alex – good stuff – I kept testing it out and it worked locally, but not in other environments – now with the 600 permissions it worked. Who’s a clever sys-chap! :-) Cheers!

  4. The Gregster pulls it off again. This works now, cheers Alex.

    Remy, that should be included as part of the tutorial. Thanks for this!

  5. Hi!
    I’ve followed these tips and made it work.
    But my .ssh dir has more than one “authorized_keys” file. I’ve got 4 of them (authorized_keys, authorized_keys2, authorized_keys3, authorized_keys4).
    The first and the last one have something like this:
    SSH PRIVATE KEY FILE FORMAT 1.1
    followed by a bunch of non-ASCII chars

    The other two files have:
    ‘ssh-rsa a bunch of chars I presume to be the key== user@host’

    I’ve appended the id_dsa.pub to the ‘authorized_keys2’ and that worked.
    Does anyone know if the other files are needed? Can I delete them?
    Thanks

  6. I had to make a backup, and searched for this kind of doc. SSH to another computer is working, but if I want to do an scp it fails.

    But, using this doc and sftp to copy files works. This is in case anyone is interested in this implementation.

  7. Thanks for that. I had to do one thing differently though, I had to create a new authorized_keys2 file which just contained my public key in order for it to work.

  8. Radha Krishnan May 5th, 2010 at 11:47 am

    hi, i did the below, but it still keeps prompting for my password.

    cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'

    the permissions on the authorized_keys file is 600. what else needs to be done?

    any suggestion would really be helpful

    thanks in advance.

  9. I have the same problem as Radha. In fact, I have copied the authorized_keys file from a system that is working fine to another, and set perms on the dirs and the file itself to exactly the same as the origin. They are both running fedora 12. One works and the other doesn’t. There is a missing piece to getting this working.

  10. I found the answer… SELinux threw this alert: “SELinux is preventing /usr/sbin/sshd “read” access to /root/.ssh/authorized_keys”. The alert included a “Restore Context” button. I clicked it and got a ‘successfully restored’ message. After that remote ssh works without a password.

  11. I struggled with 3 other documents on how to do this until I found this one. Worked great, thanks.

  12. Check out ssh-copy-id for maximum awesomeness potential.

  13. NOTE: this only works if your keys are named id_dsa/id_dsa.pub, or id_rsa / id_rsa.pub.

    If you specify a custom name for the key you’ll have to use the -i option on ssh or add/create a ~/.ssh/config file (or the /etc/ssh/config) file.

    I second ssh-copy-id usefulness.

    Thanks for this info

  14. @chris is absolutely correct for OS X, you must use the -i option. Thanks @chris, I didn’t know that OS X wasn’t smart enough to figure out which key to use. When I do this on Linux, it just knows, almost like it compares the keys on this side to the authorized_keys on the server side to see if any of them exist. Granted that would say that OS X is a bit more secure if you think about it but it’s just a step most don’t think about.

  15. If you have to create your .ssh folder, make sure you chmod it to 755 or it won’t work.
