SSH login without password

Loging into a remote machine using SSH protocol to administer it is a daily activity for most of the system administrators. SSH is considered as one of the highly secure remote login methods. Usually we have to supply a username and password pair to login to the remote machine. But some times it becomes necessary to login to the remote machine without entering a password. From the security point of view this practice is discouraged but if you have to do scripting which involves remote access you don't have another choice.

To achieve ssh login without password, we have to use authentication based on public keys.

Scenario:

You have a local machine "LinuxBox1" in which you have logged in as "safeer". You want to login to "LinuxBox2" as "nebu" without password. Remember that you should know the password of Nebu on LinuxBox2 at least until the set up is complete. This is not a way to impersonate as other users, you have to have privilege to use the account on the remote machine.

Now generate the public/private key pair.

[safeer@linuxbox1 ~]$ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/safeer/.ssh/id_dsa):
Created directory '/home/safeer/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/safeer/.ssh/id_dsa.
Your public key has been saved in /home/safeer/.ssh/id_dsa.pub.
The key fingerprint is:
fd:e3:b0:a5:35:09:6c:c4:14:25:ae:3d:85:dd:82:5d safeer@linuxbox1

This will create a directory .ssh in the home directory (if not already exist) and the permission will be 0700.
/home/safeer/.ssh/id_dsa is the private key for this user
/home/safeer/.ssh/id_dsa.pub is the public key
Permissions for files will be
-rw------- id_dsa
-rw-r--r-- id_dsa.pub
Leave your passphrase as blank(press return key).
Here I have used the DSA encryption algorithm to create the private/public key pair. Alternatively, you can use RSA algorithm (which actually is the default) for which the command will be "ssh-keygen -t rsa"

To login to Linuxbox2 as Nebu, append the public key /home/safeer/.ssh/id_dsa.pub to /home/nebu/.ssh/authorized_keys
(If this file is not already there create it with permission 600)

[safeer@linuxbox1 ~]$scp .ssh/id_dsa.pub nebu@linuxbox2:/home/nebu
nebu@linuxbpx2's password:
[safeer@linuxbox1 ~]$ssh nebu@linuxbox2
nebu@linuxbox2's password:
Last login: Wed Feb 7 09:25:01 2007 from linuxbox5
[nebu@linuxbox2 ~]$mkdir .ssh
[nebu@linuxbox2 ~]$chmod 0700 .ssh
[nebu@linuxbox2 ~]$cat id_dsa.pub >> .ssh/authorized_keys
[nebu@linuxbox2 ~]$chmod 0600 .ssh/authorized_keys
[nebu@linuxbox2 ~]$rm -f id_dsa.pub

Or you can use this single command:

[safeer@linuxbox1 ~]$cat .ssh/id_dsa.pub |ssh nebu@linuxbox2 "mkdir .ssh;chmod 0700 .ssh;cat >> .ssh/authorized_keys;chmod 0600 .ssh/authorized_keys"
nebu@linuxbpx2's password:
[safeer@linuxbox1 ~]$
Everything is setup now. Just try

[safeer@linuxbox1 ~]$ssh nebu@linuxbox2
Last login: Wed Feb 7 09:35:08 2007 from linuxbox1
[nebu@linuxbox2 ~]$

Now you can use ssh,scp and sftp without password.
Please note that to work this public key authentication should be enabled on the server by editing the file "/etc/ssh/sshd_config"

and add/edit the entry

# Allow Identity Auth for SSH2?
PubkeyAuthentication yes