SSH/SSH2 Password-less Authentication
A great little guide to setting up two accounts so that you don’t have to type in your password when sshing between them. btw, OS X uses OpenSSH. I don’t know what it is for other platforms.
Basic Idea
No-password authentication works because of public key crypto. Let’s say you have a local machine Ooga and a remote machine Booga. You want to be able to ssh from Ooga to Booga without having to enter your password. First you generate a public/private RSA key pair on Ooga. Then you send your public key to Booga, so that Booga knows that Ooga’s key belongs to a list of authorized keys. Then when you try to ssh fromOoga to Booga, RSA authentication is performed automagically.
Here are detailed steps on how to do this.
NOTE: The following examples and scenarios assume you are creating only a single key, e.g. one RSA key or one DSA key. If it turns out that you’ve created both keys on your (client) system, then you will need to send both of them to the SSH/SSH2 server; otherwise, you may still be asked to enter a passphrase.
ssh1
If you’re using ssh1, then do this:
ooga% ssh-keygen -f ~/.ssh/identity
This will generate a public/private rsa1 key pair. When it asks you to enter your passphrase, just hit return (i.e. leave it empty). Now you need to send your public key to the remote server.
ooga% cd .ssh ooga% scp identity.pub user@booga:~/.ssh
Now you need to log into Booga and add Ooga’s public key to Booga’s list of authorized keys.
ooga% ssh user@booga booga% cd .ssh booga% cat identity.pub >> authorized_keys booga% chmod 640 authorized_keys booga% rm -f identity.pub
That’s it! You can now ssh from Ooga to Booga without entering your password.
ssh2
It’s harder for ssh2. There are two common implementations of ssh2: OpenSSH and SSH2. Let’s say we want to ssh from Ooga to Booga. If Ooga and Booga both run the same implementation then it’s easy. Otherwise, we need to do some extra work to make them talk to each other properly.
My particular situation is that my local machine is running Windows 2000 with the Cygwin tools and OpenSSH 3.2.x. The remote machines may either have OpenSSH or SSH2. I’ll cover these two cases below.
ssh2: Ooga = OpenSSH, Booga = OpenSSH
First, generate a public/private DSA key pair on Ooga.
ooga% ssh-keygen -t dsa -f ~/.ssh/id_dsa
When you are asked for a passphrase, leave it empty. Now send the public key to Booga.
ooga% cd .ssh ooga% scp id_dsa.pub user@booga:~/.ssh
Next, log in to Booga and add the public key to the list of authorized keys.
ooga% ssh user@booga booga% cd .ssh booga% cat id_dsa.pub >> authorized_keys2 booga% chmod 640 authorized_keys2 booga% rm -f id_dsa.pub
Note that the filename is authorized_keys2, not authorized_keys. That’s it; you’re ready to ssh from Ooga to Booga without having to enter a password.
ssh2: Ooga = OpenSSH, Booga = SSH2
First, generate a public/private DSA key pair on Ooga.
ooga% ssh-keygen -t dsa -f ~/.ssh/id_dsa
When you are asked for a passphrase, leave it empty. This key is stored in a format that OpenSSH can use, but SSH2 cannot. You need to export the key to a format that SSH2 understands.
ooga% ssh-keygen -e -f .ssh/id_dsa.pub > id_dsa_ssh2_ooga.pub
Note: the exact flags you need to specify may differ in your case. Check the man pages if the line above doesn’t work. Now send the exported public key to Booga.
ooga% scp id_dsa_ssh2_ooga.pub user@booga:~/.ssh2/
Note: the target directory is .ssh2, not .ssh. Next, log in to Booga and add the public key to the list of authorized keys.
ooga% ssh user@booga booga% cd .ssh2 booga% cat >> authorization key id_dsa_ssh2_ooga.pub booga% chmod 640 authorization
For SSH2, there is an authorization file in which you list the file names of the authorized public keys. Note that this step is different than the case in which Booga is running OpenSSH.
Now you are ready to ssh from Ooga to Booga without having to enter a password.
Leave a comment
Bookmark
//burnz.blog 
nice!
I did that, using reflection server and openssh client, converted public keys but it still does not work.
I am able to get it to work in the other direction, openssh server and reflection client, but I need it to work in the way that was mentioned in your blog. Am I missing something, do I need to modify a config file somewhere? Your help would be appreciated.
Thanks
John, make sure the SSH version and type of SSH (OpenSSH or SSH2).
If possible, paste in both your server SSH version here, and I will try to do something with it.
use ‘ssh -V’ to get the version (without quote).
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7a Feb 19 2003
i followed your guide still doesn’t work
Hi 1nsane,
Please provide the ssh version for both of the server.
I switch from Reflection F-ssh ver 6 to ver 7.0.0. , when i switch to ver 7 mu password less doen;t work, give me error Server refused our public key , so i suspect the problem in config file.
thanks
kair TJ
Good post., man
I can tell that this is not the first time you mention this topic. Why have you chosen it again?
Whats up very cool website!! Guy .. Excellent .. Superb .. I’ll bookmark your site and take the feeds also?I’m glad to search out numerous useful info right here within the submit, we want work out more techniques in this regard, thanks for sharing. . . . . .
Hey there this is kind of of off topic but I was wondering if blogs
use WYSIWYG editors or if you have to manually code with HTML.
I’m starting a blog soon but have no coding skills so I wanted to get guidance from someone with experience. Any help would be enormously appreciated!
The challenge we face when we want to approach people,
who we believe are of high stature, is that all we see is the façade, which is created
around them, not the real person underneath. If you sense your guy’s drive is dwindling, whip out some dirty talks.
Everyday as they grow they may have questions and clarification and expect tough questions as they mature.