Configure key-based authentication in SSH to allow users to log in without entering their password. Key-based authentication uses public key cryptography to make sure only the owner of the matching private key can log in through SSH. With password-based authentication, anyone who knows the user’s password can log in. With key-based authentication, only the person possessing the private key that matches the public key stored on the SSH server can log in. For more security you can also add a passphrase to the SSH key.
In this setup the client is called client.ssh.com, the server is server.ssh.com, and the user is temp. The procedure involves generating a pair of SSH keys (private and public) on client.ssh.com and adding the contents of the public key to authorized_keys on server.ssh.com. The key can be generated with the RSA or DSA algorithm. It is preferable to use DSA as it is more secure. To generate the keys, enter the following command:
ssh-keygen -t dsa
It will ask you for the location (the default is /home/username/.ssh/id_dsa) and then for the passphrase. You can enter a passphrase, or press Enter to leave it blank if you don’t want one. The passphrase has nothing to do with your password. The private and public keys will be stored with the names
/home/username/.ssh/id_dsa
/home/username/.ssh/id_dsa.pub
The file with the .pub extension is the public key, which has to be added to the list of authorized_keys on the server. You can copy it there with secure file copy (scp), which uses SSH:
scp ~/.ssh/id_dsa.pub server.ssh.com:~/
If you are connecting to the server for the first time, you’ll be warned that the authenticity of the host ‘server.ssh.com’ cannot be established. Type yes to establish the connection and enter the password for your username on server.ssh.com; the file will be copied to /home/username on server.ssh.com. To add that key to the list of authorized keys, connect to the server using SSH:
ssh server.ssh.com
Enter the password and execute the following commands on server.ssh.com:
cat ~/id_dsa.pub >> ~/.ssh/authorized_keys
rm ~/id_dsa.pub
After adding the public key, it is always advisable to remove the public key file. Type exit to come back to client.ssh.com. Now try connecting to the server again:
ssh server.ssh.com
This time you’ll be prompted for the passphrase of the key you generated. Enter it and you’ll be logged in. If you didn’t set a passphrase, you’ll be logged in directly!
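The append step above (cat ~/id_dsa.pub >> ~/.ssh/authorized_keys) assumes ~/.ssh already exists on the server with suitable permissions. The following is an added example, not part of the original article: a hypothetical install_pubkey helper that performs the same append but first checks that the file is a public key, creates ~/.ssh and authorized_keys with private modes, and skips a key that is already listed. The key line used in the demo is constructed.

```shell
#!/bin/sh
# Added example: install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper)
# Same effect as `cat ~/id_dsa.pub >> ~/.ssh/authorized_keys`, plus the checks
# that one-liner skips. HOME_DIR defaults to $HOME.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME}/.ssh
    auth=$dir/authorized_keys

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    key=$(cat "$pub")

    # A public key file is exactly one line: "<type> <base64> [comment]".
    # This rejects a private key (e.g. id_dsa) copied by mistake.
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ] ||
       ! printf '%s\n' "$key" | grep -Eq \
         '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
    then
        echo "not a public key: $pub" >&2; return 2
    fi

    # sshd (StrictModes, on by default) will not use authorized_keys if it or
    # ~/.ssh is writable by other users, so create and keep both private.
    ( umask 077 && mkdir -p "$dir" && touch "$auth" ) || return 3
    chmod 700 "$dir" && chmod 600 "$auth" || return 3

    # Skip the append when this exact line is already authorized.
    if grep -Fxq -- "$key" "$auth"; then
        echo "key already present in $auth" >&2; return 0
    fi

    # If the file does not end in a newline, add one so two keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed input in a scratch directory (the key blob is made up).
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAExampleOnly temp@client.ssh.com' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/home" && cat "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```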