Passwordless SSH Authentication using public/private keys


SSH gives you remote access to a Linux machine, just as if you were sitting in front of it with a keyboard attached. One of the main reasons people use SSH is that it is secure: all communication is encrypted, so packets cannot be sniffed during the connection.

However, if someone knows your SSH password, your server or personal computer is compromised even though the SSH transmission is encrypted. The best way to make sure that no one is able to access your machine through SSH is authentication using public/private keys. Let's dive into how it works.

Use case

Machine A : 10.20.30.1

Machine B : 192.168.1.5

We need to connect to machine B (IP: 192.168.1.5) from A without entering a password.

Step 1

Generate a key pair. Log in to machine A as the user who is going to access the remote machine, i.e. if user tom on machine A needs access to machine B, you must log in to machine A as user tom.

Once logged in as user tom on machine A, run the following command

It will ask for the file name to save the key in

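Just press Enter to accept the default file name; do not enter a file name.

After that you will be asked for a passphrase; just press Enter (and again for the re-confirmation). With an empty passphrase the private key is stored unencrypted, so anyone who can read it can log in with it.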

After that your public/private key pair will be stored in

/home/user/.ssh/

Here user is the currently logged-in user (tom in our case). The whole process would look something like this.

Now your private key is : id_rsa

And public key is : id_rsa.pub

Both are stored in .ssh directory.

Step 2

Move the public key to machine B so that passwordless authentication can work. You can use any method that suits you to move your key to machine B; I am going to use scp since it's very easy.

Change your directory to ‘.ssh’, by entering ‘cd .ssh’

Here, when you enter the ls command, you may see 2 or 3 files.

These 3 files might be in your .ssh directory; our concern is with the id_rsa.pub file. Execute the following command to move this file to machine B

Important: please note that I've used the following string in this command: tom@192.168.1.5:/

That means on machine B we will be able to log in as user tom without a password (and as no other user). The public key now resides on the remote machine.

Step 3

Log in to machine B using the following command

Enter the password for user tom and you will be logged in (this is the last time you are going to enter a password for machine B).

Now execute the following commands to move the public key to the appropriate file

Now your key will be moved to user tom's .ssh directory (which is inside tom's home directory), into the file named authorized_keys (make sure the file name is authorized_keys).

All you have to do is move the id_rsa.pub file into user tom's .ssh directory with the file name authorized_keys.

Step 4

Come back to machine A and issue the following command

And you will be logged in without the SSH password prompt.

 
