Source www.thegeekstuff.com 2008 Jun 10
In this article, I’ll explain how to perform ssh and scp without entering the password, using SSH public key authentication with the SSH agent on OpenSSH.
There are two levels of security in SSH key-based authentication. To log in, you need both the private key and the passphrase. Even if one of them is compromised, an attacker still cannot log in to your account, as both of them are needed to log in. This is far better than typical password-based authentication, where an attacker who compromises the password can gain access to the system.
There are two ways to perform ssh and scp without entering the password:
The following 8 steps explain how to perform SSH and SCP from local-host to a remote-host without entering the password on an OpenSSH system.
[local-host]$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
[remote-host]$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
[local-host]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):<Hit enter>
Enter passphrase (empty for no passphrase): <Enter your passphrase here>
Enter same passphrase again:<Enter your passphrase again>
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
31:3a:5d:dc:bc:81:81:71:be:31:2b:11:b8:e8:39:a0 jsmith@local-host
The public key and private key are typically stored in the .ssh folder under your home directory. In this example, it is under /home/jsmith/.ssh. You should not share the private key with anybody.
By default, ssh-keygen on OpenSSH generates an RSA key pair. You can also generate a DSA key pair using the ssh-keygen -t dsa command.
Copy the content of the public key from the local-host and paste it to the /home/jsmith/.ssh/authorized_keys on the remote-host. If the /home/jsmith/.ssh/authorized_keys already has some other public key, you can append this to the end of it. If the .ssh directory under your home directory on remote-host doesn’t exist, please create it.
[remote-host]$ vi ~/.ssh/authorized_keys
ssh-rsa ABIwAAAQEAzRPh9rWfjZ1+7Q369zsBEa7wS1RxzWR jsmith@local-host
In simple words, copy the local-host:/home/jsmith/.ssh/id_rsa.pub to remote-host:/home/jsmith/.ssh/authorized_keys
[remote-host]$ chmod 755 ~/.ssh
[remote-host]$ chmod 644 ~/.ssh/authorized_keys
[local-host]$ <You are on local-host here>
[local-host]$ ssh -l jsmith remote-host
Enter passphrase for key '/home/jsmith/.ssh/id_rsa': <Enter your passphrase here>
Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102
No mail.
[remote-host]$ <You are on remote-host here>
Verify whether the SSH agent is already running; if not, start it as shown below.
[local-host]$ ps -ef | grep ssh-agent
511 9789 9425 0 00:05 pts/1 00:00:00 grep ssh-agent
[local-host]$ ssh-agent $SHELL
[local-host]$ ps -ef | grep ssh-agent
511 9791 9790 0 00:05 ? 00:00:00 ssh-agent /bin/bash
511 9793 9790 0 00:05 pts/1 00:00:00 grep ssh-agent
[local-host]$ ssh-add
Enter passphrase for /home/jsmith/.ssh/id_rsa: <Enter your passphrase here>
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)
The following options are available in ssh-add:
ssh-add <key-file-name>: Load a specific key file.
ssh-add -l: List all the keys loaded in the ssh agent.
ssh-add -d <key-file-name>: Delete a specific key from the ssh agent.
ssh-add -D: Delete all keys.
[local-host]$ <You are on local-host here>
[local-host]$ ssh -l jsmith remote-host
Last login: Sat Jun 07 2008 23:03:04 -0700 from 192.168.1.102
No mail.
<ssh did not ask for passphrase this time>
[remote-host]$ <You are on remote-host here>
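The copy-and-permissions steps above (placing id_rsa.pub into authorized_keys on the remote-host) can be scripted so that the key is appended only once and the private key is never pasted by mistake. This is an added example, not part of the original article; the function name install_pubkey and its arguments are hypothetical, and it assumes owner-only modes 700/600, which are tighter than the 755/644 shown above.

```shell
#!/bin/sh
# Added example: install a public key into an account's authorized_keys.
# install_pubkey and its two arguments are hypothetical names, not OpenSSH tools.
install_pubkey() {   # usage: install_pubkey <pubkey-file> <home-dir>
    pub=$1; home=$2
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Guard against passing the private half (id_rsa) instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # A public key file holds a single line: "<type> <base64> [comment]".
    n=$(grep -c -v '^[[:space:]]*$' "$pub" || true)
    if [ "$n" -ne 1 ]; then
        echo "$pub must contain exactly one key line" >&2
        return 3
    fi
    key=$(grep -v '^[[:space:]]*$' "$pub")

    # Create .ssh if it does not exist; owner-only modes (assumption of this example).
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append only if this exact line is not already there (safe to re-run).
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    # If the file lacks a trailing newline, add one so two keys do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Run as a script on the remote-host: sh install_pubkey.sh id_rsa.pub /home/jsmith
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```
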