Configuring Passwordless SSH

Submitted on July 23, 2011 – 11:02 am

Passwordless SSH works by pre-sharing public encryption keys. It is important to understand that setting up passwordless SSH opens your servers to certain security risks. A compromised user account on one server may allow the attacker to gain access to multiple systems on the network. Try to avoid using passwordless access for accounts with elevated privileges.

The first step is to take a look at what you have in your ~/.ssh directory. If you do not see files called “id_rsa” and “id_rsa.pub”, then you need to generate them:

ssh-keygen -b 2048 -t rsa

When prompted for a passphrase, leave it blank (just hit “Enter” twice).

Now you need to copy the “id_rsa.pub” to the destination SSH server:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@host

You will need to enter your password to complete this task. After this step you should be able to just type “ssh username@host” and log in without being prompted for a password.

If you need to copy the “id_rsa.pub” to a large number of remote hosts, having to enter your password every time can get tiresome. The alternative is to use the expect utility to handle the tedious work. Enter all the hostnames into a file – one per line – called server_list and use the following script:

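# Read one hostname per line from server_list
while read -r host
do
	# "yourpassword" is a placeholder for the account password; \r sends Enter
	expect -c "
	set timeout 5
	spawn ssh-copy-id -i /home/username/.ssh/id_rsa.pub username@${host}
	expect \"ssword:\" { send \"yourpassword\r\" }
	expect eof"
done < server_list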

It is important to use the explicit path to your “id_rsa.pub” file. Do not use “~” or the “$HOME” variable.
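ssh-copy-id appends the key to ~/.ssh/authorized_keys on the destination without any options, so a key with a blank passphrase is accepted from any source host for any command. The following added example (not part of the original article) audits an authorized_keys file and flags entries that carry neither a from= nor a command= option; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Flags authorized_keys
# entries that have neither a from= nor a command= option.

audit_keys() {   # usage: audit_keys [FILE]; exit status 1 if any key is unrestricted
    awk '
    # First field of s, keeping spaces inside "..." (option values may contain them).
    function first_field(s,   i, c, q) {
        q = 0
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\\" && q) { i++; continue }      # escaped char inside quotes
            if (c == "\"") q = !q
            else if ((c == " " || c == "\t") && !q) break
        }
        return substr(s, 1, i - 1)
    }
    /^[ \t]*(#|$)/ { next }                            # comments and blank lines
    {
        sub(/^[ \t]+/, "")
        opts = first_field($0)
        rest = substr($0, length(opts) + 1)
        if (opts ~ /^(ssh-|ecdsa-|sk-)/) { rest = $0; opts = "" }   # line starts with key type
        gsub(/"([^"\\]|\\.)*"/, "", opts)              # drop quoted values, keep option names
        from = (opts ~ /(^|,)from=/)    ? "yes" : "no"
        cmd  = (opts ~ /(^|,)command=/) ? "yes" : "no"
        split(rest, f, " ")                            # f[1]=type f[2]=key f[3]=comment
        status = "restricted"
        if (from == "no" && cmd == "no") { status = "UNRESTRICTED"; bad++ }
        printf "%s line=%d type=%s from=%s command=%s comment=%s\n",
               status, NR, f[1], from, cmd, (f[3] == "" ? "-" : f[3])
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample; key material is a placeholder, not a real key.
sample_keys() {
    cat <<'EOF'
# keys installed for username
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER username@workstation
from="10.0.0.5" ssh-ed25519 AAAAC3NzaC1lZDI1PLACEHOLDER deploy@build
command="/usr/local/bin/backup --from=nightly",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1PLACEHOLDER backup@ops
EOF
}

sample_keys | audit_keys || echo "unrestricted keys present"
```

Run it on a server as audit_keys ~/.ssh/authorized_keys; the non-zero exit status makes it usable in a scheduled check.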


5 Comments »

  • borabora5524 says:

    I’m on a Mac on Network “A”, and I am trying to get to another computer that is in Network “B”, so I can access my home account. However, Network “B” has 3 computers — a Mac, and 2 PCs. Is there a way that I could use SSH on the Mac on “A” to connect to “B”?

  • encyclopath says:

    My webhosting company allows me to use SSH for my website. Does this mean I could SSH in the Linux OS and launch the files needed to run the dedicated server? Or is the SSH limited to just the website root directory?

  • ouch says:

    Internal SSH works fine, but from the Internet I cannot connect to the Cisco or even to computers that are connected to the Cisco.

  • heavenly sword says:

    I have my own dedicated server running Linux CentOS. I need to know the SSH command line to find out the current WordPress version for all my 25 websites hosted on it.

    Please help.

    Thanks in advance.

  • Coffee t says:

    I have downloaded an SSH program but I do not know how to use it. Must I install this program on the host computer (the remote computer that I want to connect to)? Is the host name the IP address? What is the difference between the user name and the host name that are required to connect to the remote computer? What is the port number?
