SSH with no password*, no username, and SSH host aliases.

Want to increase convenience at the potential expense of security? Don’t we all. Well here’s how to authenticate without passwords*, and make aliases for your hosts while you’re at it.

First of all let me get that * out of the way. While it is possible to set up ssh logins with no password at all using this method, I recommend using a password when creating your key pair. This will give one master password shared between all logins that only needs to be entered once per session.

Start by creating a public/private key pair. I’ll assume you haven’t already done this.

 user@machine:~$ ssh-keygen -t dsa -f ~/.ssh/id_dsa

It will prompt for a password. You should use one here, and use this key pair for several hosts. This would give the same password across all of the hosts. Or, you can just leave it blank. If you do that, then anyone who gets your private key file can access all of the servers that have your public key file. So especially if you leave the password blank, protect your private file!

You should now have 2 files in .ssh/. One will be your private key (id_dsa) and the other will have a .pub extension. Now, copy the public key to the remote account you will be logging into:

 user@machine:~$ scp ~/.ssh/id_dsa.pub anotheruser@remote_host:.ssh/

Then log into the remote host,

 user@machine:~$ ssh anotheruser@remote_host

And append the key to the authorized_keys2 file

 anotheruser@remote_host:~$ cd .ssh
 anotheruser@remote_host:~/.ssh$ cat id_dsa.pub >> authorized_keys2

And set the file permissions, if the file didn’t already exist.

 anotheruser@remote_host:~/.ssh$ chmod 640 authorized_keys2

and delete the .pub file

 anotheruser@remote_host:~/.ssh$ rm id_dsa.pub

You can now log out of the remote host. Try logging in again; it should just ask for the master password. For subsequent logins, no password should be needed.

Now, how about setting up an alias for the host name, and having SSH remember your login name? On the local system open the ~/.ssh/config file. Create it if necessary. Simply set up the aliases like this:

Host mybox
    # remote login, if different
    User anotheruser
    Hostname mybox.somedomain.com

Host anotherbox
    Hostname anotherbox.anotherdomain.org

Once this is all set up, you should be able to run ssh mybox, and the system will automatically select user name ‘anotheruser’ and use the DSA key pair instead of a password.
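A check for the two file-protection points above (protect the private key file, and the mode set on authorized_keys2), as an added example that is not part of the original post. The function names and finding labels are made up for illustration; the masks are the ones OpenSSH enforces, since the client rejects a private key accessible to group or other and sshd with StrictModes ignores an authorized_keys file or directory that group or other can write.

```shell
#!/bin/sh
# Added example: audit the files this walkthrough creates in ~/.ssh.
#  - private key: no group/other access at all        (mask 077)
#  - authorized_keys files and the directory itself:
#    not writable by group/other                      (mask 022)

# mode_of PATH -> octal permission bits such as 600 (GNU stat, else BSD stat)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# too_open PATH MASK -> true when PATH has any permission bit in MASK set
too_open() {
    [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]
}

# audit_ssh_dir DIR -> prints one finding per line; prints nothing if clean
audit_ssh_dir() {
    dir=$1
    if too_open "$dir" 022; then echo "dir-writable $dir"; fi
    for f in "$dir"/authorized_keys "$dir"/authorized_keys2 "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in
            *.pub) continue ;;          # public halves are not secret
            */authorized_keys*)
                if too_open "$f" 022; then echo "authkeys-writable $f"; fi ;;
            *)  # anything else named id_* is treated as a private key
                if too_open "$f" 077; then echo "key-exposed $f"; fi
                # If an empty passphrase unlocks the key, it is stored
                # unencrypted (check skipped when ssh-keygen is missing).
                if command -v ssh-keygen >/dev/null 2>&1 &&
                   ssh-keygen -y -P '' -f "$f" >/dev/null 2>&1 </dev/null
                then
                    echo "key-no-passphrase $f"
                fi ;;
        esac
    done
    return 0
}
```

Call `audit_ssh_dir ~/.ssh` on the local machine and on the remote host; no output means nothing was flagged.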
