Configuration of SSH for Passwordless Authentication

yye00 edited this page Mar 21, 2012 · 6 revisions

The following needs to be made bigger. Users are strongly discouraged from tampering with the keys we generate for them. They can add public keys to $HOME/.ssh/authorized_keys2 (they will have to create this file).

Note: Many supercomputers already generate keys automatically for their users. In these cases nothing else needs to be done. Do not tamper with the automatically generated keys.

How to create passwordless logins?

Follow the steps below to create passwordless logins from the primary machine to the target machine.

On your primary machine, where you want your secret keys to live (let's say philip), type

ssh-keygen -t dsa

This will prompt you for a secret passphrase. If this is your primary identity key, make sure to use a good passphrase. If this works right you will get two files called id_dsa and id_dsa.pub in your .ssh dir.

Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase. This is a "Bad Idea" for an identity key, "so don't do it!" See below for uses of keys without passphrases.

Copy the content of the id_dsa.pub file and append it to the target machine's .ssh/authorized_keys file. If the authorized_keys file is not accessible, then just create a .ssh/authorized_keys2 file and paste the key there.

Now the target machine is ready to accept your ssh key. How do you tell it which keys to use? The ssh-add command will do it. For a test, type

ssh-agent sh -c 'ssh-add < /dev/null && bash'

This will start the ssh-agent, add your default identity (prompting you for your passphrase), and spawn a bash shell.

From this new shell you should be able to:

ssh target_machine

This should let you in without typing a password or passphrase. You can ssh and scp all you want from this bash shell and not have to type any password or passphrase.

Test whether you have a passwordless login to the target machine by executing the simple command below.

ssh <hostname> /bin/date

This command should execute without password input.
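
The append step above is where this procedure most often fails silently: sshd's StrictModes setting (on by default) rejects key files with loose permissions, and a private key is sometimes pasted in place of the .pub file. The following is an added example, not part of the original wiki page, meant to be run on the target machine; the function name install_pubkey and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example. Usage on the target machine: install_pubkey id_dsa.pub [home_dir]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Refuse a private key pasted by mistake: it must never leave the primary machine.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2; return 2
    fi
    # A public key is one line: "<type> <base64> [comment]".
    # ssh-dss is what the page's `ssh-keygen -t dsa` produces; OpenSSH 7.0 and
    # later disable it by default, so the other common types are accepted too.
    key=$(grep -E '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub has no public key line" >&2; return 3; }

    # StrictModes: .ssh and the key file must not be writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    # The page's fallback: if authorized_keys exists but is not writable, use authorized_keys2.
    if [ -e "$auth" ] && [ ! -w "$auth" ]; then auth=${auth}2; fi
    touch "$auth" && chmod 600 "$auth" || return 4

    # Compare on type and blob only, so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```

Once the key is installed, running the page's test as `ssh -o BatchMode=yes <hostname> /bin/date` makes ssh fail instead of prompting for a password if key authentication is not working.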