
SSH login without password (authorized_keys) - nocivus
http://diffract.me/2009/07/ssh-login-without-password-authorized_keys/
======
nailer
This article is somewhat out of date. Modern OpenSSH distro's include 'ssh-
copy-id', a single command to transfer, and append one's key to the remote
list ofauthenores keys.

So:

Step 1:

    
    
        ssh-genkey
    

Step 2:

    
    
        ssh-copy-id user@host
    

Done.

~~~
sant0sk1
Actually, step 1 is:

    
    
        ssh-keygen

~~~
nailer
You're right. I'm used to verb-noun commands, which are more popular in Unix,
and the only option in Powershell.

------
surki
Some more SSH tips

1\. Use SSH connection multiplexing

If you are connecting to same computer multiple times, this saves up quite a
bit of time [http://www.revsys.com/writings/quicktips/ssh-faster-
connecti...](http://www.revsys.com/writings/quicktips/ssh-faster-
connections.html)

2\. Use autossh

For a persistent ssh connection (ex. for reverse tunnels)
[http://www.debianadmin.com/autossh-automatically-restart-
ssh...](http://www.debianadmin.com/autossh-automatically-restart-ssh-sessions-
and-tunnels.html)

------
Erwin
1) You should definitely create a passphrase for your private key (you should
only be asked to unlock it once due to ssh-agent). Otherwise if someone gets
hold of your private key they can login to any machine you have set up an
authorized_keys entry on.

2) use ssh-copy-id to install your public key on a remote (and fix up the
permissions on ~/.ssh etc. which for me is the #1 case of key based login not
working).

~~~
stuff4ben
_and fix up the permissions on ~/.ssh etc. which for me is the #1 case of key
based login not working_

DOH! I just spent the past 15 minutes trying to figure out why it wasn't
working until I stumbled upon my .ssh directory having worldly permissions.
Was just about to come here and post the same thing. chmod 700 is your friend!

~~~
jerf
ssh -vv (with more or fewer vs) is also your friend. IIRC it tells you about
the permission error either there or in the sshd log, and you can also find a
lot more errors in the -vv output.

You should run ssh -vvv on a normal, working connection at least once to get a
sense of what normal output is.

------
bcl
He also flubbed using ssh-agent. Usually it is run from the login script once.
You then do a ssh-add to add your identity to it. Once that is done you don't
need to enter your password for that session anymore. You can even allow ssh
on other systems to access your agent so you can ssh to another machine, ssh
from that machine to a 3rd which will use your agent for the key info.

Never leave your key without a passphrase!

A good series of articles on ssh bt Brian Hatch can be found here -
<http://www.hackinglinuxexposed.com/articles/20021211.html>

------
ovi256
I connect to remote machines several times in a typical workday, and this
helps to save a bit of time. Furthermore, it allows some non-obvious
behaviour, like closing the connection as soon as I did what I wanted. This
avoids leaving a ssh session open in which you may erroneusly type a command
intended for your local machine. An "svn up" on the wrong machine car ruin
your day.

------
Tichy
Isn't that a bit of a security issue? One machine in the network hacked, they
are all gone? Then again, hacker's could just install keyloggers if they get
hold of one machine. But it would be a bit more effort.

~~~
dtf
Speaking of which:

 _According to the MAN documentation for ssh-keygen, host keys must have an
empty passphrase, so just leave it blank._

We're not making a host key here, are we? Shouldn't a passphrase be employed?

------
antipax
Obscuring his public key tells me this guy doesn't quite understand what the
point of public-private key encryption is.

~~~
nocivus
I know the public key is supposed to be public, hence no point in obscuring. I
just got carried away ;)

~~~
antipax
My apologies if I offended you; I just wanted to point it out.

~~~
nocivus
No worries. I don't take anything personally ;)

------
nocivus
Thanks for all the tips, everyone :D

