keyed login

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot

About

With Linux and similar systems, it is possible to set up access from a client to a server in such a way that it is unnecessary to manually enter a password. Done properly, this makes the server more secure rather than less: the client proves its identity with a public/private key pair, the server stores only the public key, and the private key is never transmitted, so there is nothing for an eavesdropper (or a compromised server) to capture and nothing short enough to guess the way a password can be. It also lets you turn password authentication off on the server entirely once every client that needs access has a key.

Once this has been set up, anything that runs over ssh, including ssh itself, scp and rsync, can connect without a password. This is especially useful for scripts, which would otherwise have to carry the password in plaintext, either inside the script or in some other plaintext file.

How To

  • On the client: Generate a public/private key pair using ssh-keygen. This creates a private key (~/.ssh/id_rsa, keep it mode 0600 and never copy it anywhere) and a public key (~/.ssh/id_rsa.pub). Newer OpenSSH versions default to ed25519 keys and name the files id_ed25519 and id_ed25519.pub instead; substitute accordingly below.
  • Add the public key file (~/.ssh/id_rsa.pub) from the client to ~/.ssh/authorized_keys on the host.
    • If the latter file doesn't already exist, then it can just be a direct copy of id_rsa.pub.
    • If the latter file does already exist, then id_rsa.pub can just be appended to authorized_keys.
    • On the host, ~/.ssh must be mode 0700 and authorized_keys mode 0600, both owned by the user; otherwise sshd (with its default StrictModes setting) ignores the file and you get a password prompt with no obvious error.
    • The following command should work for either case (umask 077 gives the directory and file the required modes if they have to be created):
      • cat ~/.ssh/id_rsa.pub | ssh user@host 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys'
    • ssh-copy-id user@host, which ships with OpenSSH on most distributions, does the same job.
        
  • It may be necessary to manually log on once to the client from the host (using the same usernames as above) in order to add the client to the host's known_hosts file; I'm not sure about this part. Need to test.
  • Manually log on from the client to the host once to make sure that the host's key is added to the client's known_hosts file; otherwise the host-key verification prompt will stop any script trying to log on automatically. Check the fingerprint it shows against one obtained from the host by another route before accepting it.
  • If you disable password logins for the account now (e.g. via Webmin's "No login allowed" option), you will still be able to log in from a client with an authorized key, provided sshd still has public-key authentication enabled (PubkeyAuthentication yes, the default). Once every client that needs access has a key, also set PasswordAuthentication no in the host's sshd_config so that the host stops accepting passwords from anyone.
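The whole procedure above as one script, added here as an example and not code from the HTYP page: it generates a key if none exists, installs the public key on the host with the permissions sshd requires and without adding the same key twice, and then proves that unattended login works. The script name keyed-login.sh, the function names, and the sample key used by the self-test (a constructed string, not a real key) are assumptions of this example.

```shell
#!/bin/sh
# keyed-login.sh: set up password-less ssh from this client to user@host.
# Added example, not from the HTYP page. Usage: ./keyed-login.sh user@host [pubkey-file]
set -eu

# Append one public-key line to an authorized_keys file, creating the
# directory and file with the modes sshd's StrictModes insists on
# (0700 dir, 0600 file). Idempotent: an already-present key is not re-added.
# Usage: add_authorized_key <pubkey-line> <authorized_keys-path>
add_authorized_key() {
    key="$1"
    akfile="$2"
    akdir=$(dirname "$akfile")
    mkdir -p "$akdir"
    chmod 700 "$akdir"
    touch "$akfile"
    chmod 600 "$akfile"
    if grep -qxF -- "$key" "$akfile"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$akfile"
}

# Number of key lines (ignoring blank and comment lines) in an authorized_keys file.
count_authorized_keys() {
    grep -cv -e '^#' -e '^$' "$1" || true
}

# Install the local public key on user@host. The remote side runs the same
# idempotent append; umask 077 makes any newly created dir/file 0700/0600.
# This is the one step that still asks for the password (and, on first
# contact, for host-key confirmation, which also seeds known_hosts).
push_key() {
    target="$1"
    pubkey_file="$2"
    ssh "$target" 'umask 077; mkdir -p ~/.ssh; chmod 700 ~/.ssh;
        key=$(cat); touch ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys;
        grep -qxF -- "$key" ~/.ssh/authorized_keys || printf "%s\n" "$key" >> ~/.ssh/authorized_keys' \
        < "$pubkey_file"
}

# Prove unattended login works. BatchMode=yes makes ssh fail instead of
# prompting, which is exactly what a cron job or script would hit.
verify_keyed_login() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no -i "$2" "$1" true
}

# Local self-test of the append logic in a temporary directory. The key is a
# constructed placeholder, not a real key. Returns 0 when exactly one copy of
# the key is present after two installs and the modes are 0700/0600.
selftest() {
    tmp=$(mktemp -d)
    fakekey='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey0000000000000000 test@client'
    add_authorized_key "$fakekey" "$tmp/.ssh/authorized_keys"
    add_authorized_key "$fakekey" "$tmp/.ssh/authorized_keys"
    n=$(count_authorized_keys "$tmp/.ssh/authorized_keys")
    dmode=$(ls -ld "$tmp/.ssh" | cut -c1-10)
    fmode=$(ls -l "$tmp/.ssh/authorized_keys" | cut -c1-10)
    rm -rf "$tmp"
    [ "$n" = "1" ] && [ "$dmode" = "drwx------" ] && [ "$fmode" = "-rw-------" ]
}

main() {
    target="$1"
    pubkey_file="${2:-$HOME/.ssh/id_ed25519.pub}"
    privkey_file="${pubkey_file%.pub}"
    # Step 1: generate a key pair if none exists. Empty passphrase so scripts
    # can use it unattended; the private key file is then the secret to protect.
    if [ ! -f "$privkey_file" ]; then
        ssh-keygen -t ed25519 -N '' -f "$privkey_file"
    fi
    # Step 2: install the public key on the host.
    push_key "$target" "$pubkey_file"
    # Step 3: confirm that login now needs neither a password nor a prompt.
    verify_keyed_login "$target" "$privkey_file"
    echo "keyed login to $target works"
}

case "${1:-}" in
    *@*) main "$@" ;;
esac
```

If step 3 fails, the usual causes are the modes on the host's ~/.ssh and authorized_keys, or a host key that has not yet been accepted into known_hosts; run the verify command by hand with -v to see which.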

Specific commands for doing this may be found here.