Let’s assume we have two Linux running machines, one of them is ‘client’ and other is ‘server’. Task lies in allowing client to access server via ssh securely without a need to type password by hands. It’s usually useful to perform some operations that are to be done without user intervention (for example copying backup data files from client to server through ‘scp’).First of all it’s necessary to make sure that server we’re going to access to supports public key authentication. To enable it just add lines ‘RSAAuthentication yes’ and ‘PubkeyAuthentication yes’ to /etc/ssh/sshd_config at server machine. After that restart ssh daemon (sshd) by executing command ‘/etc/init.d/ssh restart’ or ‘service ssh restart’ (depends on Linux distribution you use).

After it’s done we should generate public RSA key at client machine and copy it to the list of authorized keys at server.

At client machine execute (leave passphrase empty):

ssh-keygen -t rsa

this would create public key at /home/your_login/.ssh/id_rsa.pub.

Then copy generated key to server (for example by ‘scp’ command):

scp /home/your_login/.ssh/id_rsa.pub server_login@server_ip_address:/tmp

After client’s public key is copied to /tmp/id_rsa.pub, login to server and perform the following operation. Add client’s key to authorized keys list by executing command:

mkdir /home/server_login/.ssh #only if it’s needed

cat /tmp/id_rsa.pub >> /home/server_login/.ssh/authorized_keys

When it’s done try to login to server from client:

ssh server_login@server_ip_address

Please note it’s important to copy client’s public key to user’s directory you’re going to login with (in this example it’s sever_login).

Good luck, mates!

Little update: it’s also necessary to uncomment lines in /etc/ssh/sshd_config at server:

RSAAuthentication yes
PubkeyAuthentication yes

And then restart ssh daemon e.g. by command:

/etc/init.d/ssh restart

 

1 Comment

 

  1. March 22, 2009  9:28 pm by Warez Forum Reply

    Commenting usually isnt my thing, but ive spent an hour on the site, so thanks for the info

Leave a reply

 

Your email address will not be published.