Managing multiple SSH connections is tedious when you have to type a password every time you log in. The SSH login process can be made passwordless (automatic) by using a public and private key pair. This guide explains how to create these keys and use them for passwordless SSH login on any Mac OS X or Linux system.
All the files related to the SSH login process are stored in the "~/.ssh" directory. If it is not present, create this directory inside your home directory.
Then the public and private key pair is created. This setup works only when you log in from the same system as the same user. The public key content is shared with the remote host. When you log in to the remote host with ssh, authentication succeeds when the public key held by the remote host matches the private key available locally. The private key shouldn't be shared with anyone.
Change to the home directory and create the .ssh directory.
cd ~/
mkdir .ssh
Restrict the directory's permissions so that only the user has read/write/execute access.
chmod go-rwx .ssh
Enter the .ssh directory.
cd .ssh
Create your private and public key pair without any password. This key pair is what allows passwordless login. A password (passphrase) can still be set on the private key by specifying it after the -P flag.
Create the public and private key pair.
vm1:~% ssh-keygen -b 1024 -t rsa -f id_rsa -P ""
Generating public/private rsa key pair.
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
2c:88:cb:a1:54:18:15:06:ae:9a:1d:38:9a:71:62:b3 gyanesh@vm1
The key's randomart image is:
+--[ RSA 1024]----+
| oo+. |
|. + |
| o . |
|.... . . |
|*+= . . S |
|=@o+ . |
|*E+ |
| |
| |
+-----------------+
List the contents of the .ssh directory to confirm that the keys were created.
vm1:~/.ssh% ls -la
-rw------- 1 gyanesh mac 887 Aug 30 21:29 id_rsa
-rw-r--r-- 1 gyanesh mac 229 Aug 30 21:29 id_rsa.pub
‘id_rsa’ is the private key and ‘id_rsa.pub’ is the public key, with the extension ‘.pub’. Don’t share the private key with anyone.
Now the public key needs to be shared with the remote host that you want to log in to using ‘ssh’. To share the public key, log in to the remote host using the current password. Then create the “.ssh” directory inside the home directory if it is not present, as we did on our own host. Then, if it is not present, create the ‘authorized_keys’ file inside the ‘.ssh’ directory.
remote:~/.ssh% touch authorized_keys
Copy the content of the public key to the ‘authorized_keys’ file of the remote host, on a new line. If the file is read-only, change the file permission so that you can add the public key. After the update, change the permission back to read-only for security.
Give write permission to the file authorized_keys.
remote:~/.ssh% chmod u+w authorized_keys
Copy the id_rsa.pub content to the authorized_keys file and then remove the write permission.
remote:~/.ssh% chmod u-w authorized_keys
remote:~/.ssh% ls -la
total 20
drwx------ 2 gyanesh mac 4096 Aug 30 21:32 .
drwxr-xr-x 5 gyanesh daemon 4096 Aug 30 21:32 ..
-r--r--r-- 1 gyanesh mac 244 Aug 30 21:32 authorized_keys
Now, when you connect to the remote host using SSH, no password is required, because the remote computer has your public key, which is matched for authentication against the private key held in your local ‘.ssh’ directory.
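The remote-side steps above (create .ssh, restrict it, append the public key on a new line, make authorized_keys read-only again) collected into one shell function. This is an added example, not part of the original guide; the function name install_pubkey, its arguments and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper)
# Run on the remote host. Mirrors the manual steps: create .ssh, restrict it,
# allow writing, append the key on a new line, then remove write permission.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # The private key must stay on the local system; refuse to install it.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, not a public key" >&2
        return 1
    fi
    # Accept only a "type base64 [comment]" line, the format of id_rsa.pub.
    key=$(grep -E '^(ssh-|ecdsa-)[a-z0-9@.-]+ [A-Za-z0-9+/]+=*( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub has no public key line" >&2; return 1; }

    mkdir -p "$dir" && chmod go-rwx "$dir" || return 1
    [ -e "$auth" ] || touch "$auth"
    chmod u+w "$auth" || return 1

    # Match on type + key body so the same key is never listed twice,
    # even if its trailing comment differs.
    body=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if ! awk -v k="$body" '($1 " " $2) == k { f = 1 } END { exit !f }' "$auth"; then
        # If the file does not end in a newline, add one before appending.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi
    chmod a-w "$auth"    # back to read-only, as in the listing above
}

# Demo in a scratch directory with a constructed (not real) public key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedSAMPLE gyanesh@vm1' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home" && ls -la "$demo/home/.ssh"
rm -rf "$demo"
```

Running it twice with the same key leaves a single entry, and a file containing a private key is rejected before anything is written.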
Extra Note:
If you log in to the remote host a number of times during the day, you don’t want to type the complete ssh command with the username and URL every time. It can be replaced by a simple command using the shell's alias feature.
Create an alias command in the .bash_profile file inside the home directory.
vm1:~/.ssh% cd ~
vm1:~% vim .bash_profile
alias remote-login='ssh gyanesh@remotedomain.com'
Reload the shell/terminal by sourcing the .bash_profile file, or open a new shell/terminal.
vm1:~% source ~/.bash_profile
Now you can log in using only the alias.
vm1:~% remote-login