Robert Cudmore    archive    tags    search    software


Auto login to ssh servers

In order to automatically login to an ssh server, you need to generate public/private rsa key pairs on a client and copy these keys to an ssh server. Next time you login from the client to the server, you won’t need to enter your password.

You should learn and understand a bit about ssh and its security implementations, mostly rsa. Your privacy is only as good as your ability to keep your keys secret, here is a recent example of a nifty ‘side channel attack‘ to obtain your secret keys.

In what follows I am setting up automatic rsa authentication from a client to a server:

[Client] Generate public/private rsa key pair

ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/cudmore/.ssh/id_rsa): 
/Users/cudmore/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/cudmore/.ssh/id_rsa.
Your public key has been saved in /Users/cudmore/.ssh/id_rsa.pub.
The key fingerprint is:
a3:73:53:ee:68:54:37:e9:aa:64:68:4d:30:c3:4f:3a cudmore@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|     .           |
|      = .    .   |
|       B  . +    |
|      E S..o .   |
|       *.+  .    |
|      =.* ..     |
|     . =.+.      |
|       .o..      |
+-----------------+

[Client] id_rsa.pub from the client to the ssh server (need to enter password)

scp ./.ssh/id_rsa.pub pi@192.168.1.70:~/id_rsa.pub

[Client] Login to the ssh server (last time you will need a password)

ssh pi@192.168.1.70

[Server] Copy the key into the correct location (on the server)

cat id_rsa.pub >> ./.ssh/authorized_keys

[Server] Delete the original (on the server)

rm ./id_rsa.pub

[Client] The next time you login you will not be asked for a password

ssh pi@192.168.1.70

Notes

Fun

-ssh -o VisualHostKey=yes pi@192.168.1.70

Tags: linux

©2017. Robert Cudmore.