SSH and SCP without password on openSSH

Author: JIYIK  Last Updated: 2025/04/07

SSH key-based authentication has two levels of security: to log in, we need both the private key and its passphrase. Even if one of them is compromised, the attacker still won't be able to log into our account, because both are needed. This is much better than typical password-based authentication, where a compromised password alone gives an attacker access to the system.

There are two ways to execute ssh and scp without entering a password:

  • No passphrase. When creating a key pair, leave the passphrase blank. Use this option for automated batch processing. For example, if we are running a cron job to copy files between machines, this is a suitable choice.
  • Using a passphrase and SSH agent. If we use ssh and scp interactively from the command line and don't want to enter the passphrase every time, I don't recommend the previous option (no passphrase), because it eliminates one level of security in SSH key-based authentication. Instead, set a passphrase when creating the key pair and use an SSH agent to perform ssh and scp without entering it every time, as described in the steps below.

The following 8 steps explain how to perform SSH and SCP from the local host to the remote host without entering a password on a system running openSSH.

1. Verify that openSSH is running on both the local and remote hosts

[jiyik.com@local-host]$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

[jiyik.com@remote-host]$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

2. Use ssh-keygen to generate a key pair on the local host

[jiyik.com@local-host]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jiyik/.ssh/id_rsa):<Hit enter>
Enter passphrase (empty for no passphrase): <Enter your passphrase here>
Enter same passphrase again:<Enter your passphrase again>
Your identification has been saved in /home/jiyik/.ssh/id_rsa.
Your public key has been saved in /home/jiyik/.ssh/id_rsa.pub.
The key fingerprint is:
31:3a:5d:dc:bc:81:81:71:be:31:2b:11:b8:e8:39:a0 jiyik@local-host

The public and private keys are usually stored in the .ssh folder under your home directory. In this case, it is located under /home/jiyik/.ssh. We should not share the private key with anyone.

By default, ssh-keygen on openSSH generates an RSA key pair. We can also use the ssh-keygen -t dsa command to generate a DSA key pair.

3. Install the public key on the remote host.

Copy the contents of the public key from your local host and paste it into /home/jsmith/.ssh/authorized_keys on the remote host. If /home/jiyik/.ssh/authorized_keys already has some other public keys, we can append this to the end of it. If the .ssh directory under the remote host's home directory does not exist, create it.

[jiyik.com@remote-host]$ vi ~/.ssh/authorized_keys 
ssh-rsa ABIwAAAQEAzRPh9rWfjZ1+7Q369zsBEa7wS1RxzWR jiyik@local-host

Simply put, copy local-host:/home/jiyik/.ssh/id_rsa.pub to remote-host:/home/jiyik/.ssh/authorized_keys

4. Grant appropriate permissions to the .ssh directory on the remote host.

[jiyik.com@remote-host]$ chmod 755 ~/.ssh
[jiyik.com@remote-host]$ chmod 644 ~/.ssh/authorized_keys

5. Log in to the remote host from the local host and use SSH key authentication to verify that it works properly.

[jiyik.com@local-host]$ <You are on local-host here>

[jiyik.com@local-host]$ ssh -l jsmith remote-host
Enter passphrase for key '/home/jiyik/.ssh/id_rsa': <Enter your passphrase here>
Last login: Sat Jun 07 2022 23:03:04 -0700 from 192.168.1.102
No mail.

[jiyik.com@remote-host]$ <You are on remote-host here>

6. Start SSH agent on the local host to perform ssh and scp without entering the password multiple times.

Verify whether the SSH agent is already running; if not, start it as shown below.

[jiyik.com@local-host]$ ps -ef | grep ssh-agent
 511       9789  9425  0 00:05 pts/1    00:00:00 grep ssh-agent
 
[jiyik.com@local-host]$ ssh-agent $SHELL
 
[jiyik.com@local-host]$ ps -ef | grep ssh-agent
 511       9791  9790  0 00:05 ?        00:00:00 ssh-agent /bin/bash
 511       9793  9790  0 00:05 pts/1    00:00:00 grep ssh-agent

7. Load the private key into the SSH agent on the local host.

[jiyik.com@local-host]$ ssh-add
Enter passphrase for /home/jiyik/.ssh/id_rsa: <Enter your passphrase here>
Identity added: /home/jiyik/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

Following are the different options available in ssh-add:

  • ssh-add: Load a specific key file.
  • ssh-add -l: List all keys loaded in the ssh agent.
  • ssh-add -d: Remove a specific key from the ssh agent.
  • ssh-add -D: Delete all keys.

8. SSH or SCP from the local host to the remote home directory without entering a password.

[jiyik.com@local-host]$ <You are on local-host here>

[jiyik.com@local-host]$ ssh -l jsmith remote-host
Last login: Sat Jun 07 2022 23:03:04 -0700 from 192.168.1.102
 No mail.
<ssh did not ask for passphrase this time>
[remote-host]$ <You are on remote-host here>
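
Steps 3 and 4 can be scripted so that the public key is appended only once and the permissions are set in the same pass. This is an added example, not part of the original article; the function names, the scratch directory and the key string are constructed for illustration. It uses modes 700 and 600, which are tighter than the 755/644 in step 4; sshd's default StrictModes check only requires that these paths are not writable by group or others.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys once; returns 2 on a bad key file.
install_pubkey() {
    pub=$1 dir=$2 auth=$2/authorized_keys
    # Exactly one non-empty line that looks like a public key; this also
    # rejects a private key file passed by mistake.
    [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    key=$(grep . "$pub")
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        || return 2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Skip the append if this exact line is already installed.
    grep -qxF -- "$key" "$auth" && return 0
    # If the file does not end in a newline, add one so keys are not joined.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$key" >> "$auth"
}

# check_not_writable PATH...
# Fails if any path is writable by group or others (mode bits 020 / 002).
check_not_writable() {
    for p in "$@"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p" >&2
            return 1
        fi
    done
}

# Demo in a scratch directory with a constructed (non-functional) key string.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 constructed@local-host' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" &&
    install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" &&   # second run is a no-op
    check_not_writable "$demo/.ssh" "$demo/.ssh/authorized_keys" &&
    echo "installed $(grep -c . "$demo/.ssh/authorized_keys") key, permissions OK"
rm -rf "$demo"
```

On the remote host the real call would be install_pubkey with the copied id_rsa.pub and ~/.ssh, followed by check_not_writable on the home directory, ~/.ssh and ~/.ssh/authorized_keys.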
