So many of the posts out there about this seem to leave us hanging. This post outlines how to log in to Linux without a password and addresses some of the gotchas that seem to creep up along the way. We manage enough servers that it’s nice to be able to get in and around quickly.
I’ll try to outline the way to do it and then address some of the gotchas that come up.
Make yourself a private key on the machine you’ll be coming *from*. This is how to do it using a Mac or Linux. Windows people, I wish you luck with something like cygwin or using your SSH program to do this. If you’re using Linux servers, maybe you can do this on the main machine you log in to, then go from there as your “home base.”
Open up your shell.
% ssh-keygen -t rsa
Just hit enter for the passphrase (that kind of defeats the purpose of what we’re doing). The default is to put the file it makes in your $HOME directory (echo $HOME). For this example, I’m assuming that’s what you did.
If it didn’t exist already, this will have created a directory called .ssh in your home directory and created 2 files inside it:
-rw------- 1 myuser myuser 1671 May 24 2007 id_rsa
-rw-r--r-- 1 myuser myuser 400 May 24 2007 id_rsa.pub
You need to copy the contents of the id_rsa.pub to your clipboard.
% cat id_rsa.pub
Copy it. It should looks something like this (not my actual key, of course):
ssh-rsa kjakjhasdhjfjkahsgdfhjkgasdjkhgfajkshdgfhjags834yg
swdhjgfjkashgdfjkhasgdfjkhgasdjkhfgasjkhdgfjkhasgdfjkhgasdjk
fhgasdcvjhasgdfjhkqg34jhkqgwejkhfgaskjhdgfkjhasgdfkjhagsd== [email protected]
Now ssh to the machine you want to log in automatically.
% ssh 123.45.67.8
Enter your password as normal. Once logged in, let’s check to see if you have an ssh directory.
% ls -la
If you see .ssh, cd into it. Otherwise, mkdir .ssh and cd into it. Now we just need to add your key to your authorized_keys file. This next command will either add to what you have already or create it if it doesn’t exist.
% cat >> authorized_keys
Now paste the key you copied above. Hit enter to get to a new line and then Ctrl-D to stop editing.
To make sure that there aren’t any issues with permissions, make sure that only this user can read the file.
% chmod 600 authorized_keys
Now let’s make sure that this directory has similar permissions. Go back up a directory and fix the permissions
% cd ../
% chmod 700 .ssh
That should do it. Try opening up a new shell window and log in.
% ssh 123.45.67.8
That should get you in without having to enter a password.
Extra credit: I think it’s helpful to make sure you have hosts mapped in your /etc/hosts file (Mac / Linux) if the IP or host you’re using doesn’t have a convenient name for you. Windows XP users, this is conveniently located in your c:\Windows\system32\drivers\etc\hosts file. Of course, other systems vary.
In that file, just make an entry like this:
123.45.67.8 server5
And save it. On a Linux system you may need to restart the network to have it take effect.
% /etc/rc.d/init.d/network restart
Now you can just ssh to the name:
% ssh server5
Need to troubleshoot? See what /var/log/secure says about it.
