Wednesday, January 4, 2012

Login without a password.

ssh-keygen
hmm... This is use to generate the private and public keys to authenticate ssh. Yesterday i had to use this command to generate a public key as per our network admins request. [You are wrong... he's a good one..! ;)] He told me that i don't need to type the password each and every time when i'm connecting to the GIT. [mm...  it's a version control system like SVN.]
Fortunately it light up a new idea. [yes... new for me.. :D] 
Ok.. These are the steps.

1) $> ssh-keygen -t rsa         : Generate private/public rsa keys.

         Enter file in which to save the key (/home/kumudu/.ssh/id_ras) : <return>
         Enter passphrase (empty for no passphrase):  <return>

         Enter same passphrase again:  <return>
         Your identification has been saved in /home/kumudu/.ssh/id_rsa.
         Your public key has been saved in /home/kumudu/.ssh/id_rsa.pub.
         The key fingerprint is:
         67:5b:54:e8:1f:eb:46:7a:00:3b:72:33:9a:cc:d3:32 kumudu@hmslp030
         The key's randomart image is:
         +--[ RSA 2048]----+
          |                          ..  |
          |                         ..   |
          |                        ..    |
          |                       ... .  |
          |                 S oo.. o |
          |                 .o*o. +  |
          |                o *.+ =   |
          |                   E . . +  |
          |                    +   o   |
         +-------------------+

Ok... Your public key is in /.ssh/id_rsa.pub file. 

2) $> ssh-add      :  This will add the generated keys to ssh. (If you miss this you will get a message like "Agent admitted failure to sign using the key." while connecting to the remote machine.  [I spend lot of time to find this...])

3) Copy that public key onto remote machines' .ssh/authorized_keys file. (mmm... normally this file doesn't exist. Just create a new file named "authorized_keys" in .ssh folder and copy the public key into it.)

4) Then make the file permission as follows. (Actually i don't know the exact reason for this. Without this permission ssh refuse to use the key)
       $> chmod 600 .ssh/authorized_keys

5) $> ssh <profile_name>@<remote_host>


hmmm... thats all.. I tested it on fedora machine and ubuntu machine. 

Advantages.
  • If someone ask for login to your machine through ssh, simply ask him to send the rsa public key. Then add it to your autherized_keys file. [you don't need to expose your password]
  • The other person don't need to remember your password. [yes.. yes... only the ip ;)]
  • If you want to stop him just remove the key... 



Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)