How to configure passwordless login in Mac OS X and Linux - Gregg Hosting

The affects of Web Hosts on Your Business Website

Here're ways your choice of web hosting service provider impacts the performance of your business:


check

Website loading speed

check

Uptime and availability

check

Customer support

check

Security

check

Server location

How to configure passwordless login in Mac OS X and Linux

How to configure passwordless login in Mac OS X and Linux

Overview

When you create a shell user and try to log in over SSH, you’ll notice that you have to input your password every time. You can enable Passwordless Login if you don’t want to enter your password every time you log in. This way, you’ll be able to automatically login without having to input your password each time.

The login example in this article is ‘[email protected].’

Make careful to use your actual shell username instead of username.
Make sure to use your GreggHost servername instead of the default.
Passwordless Login may be set up on any Unix, Linux, OSX, or Cygwin machine using the methods below.

On a Dedicated Server, these procedures can also be used to create and assign SSH keys to an admin/root user.

Step 1 — Generating the key pair

On your personal computer, go to:

Using ssh-keygen, generate an RSA private key (unless you have already created one).
Open your terminal and run the following command under your username if you’re using Linux or Mac OS X:
[local]
ssh-keygen -t rsa $ ssh-keygen -t rsa
This generates an rsa (-t) public/private key pair.
Creating an rsa key pair with a public/private key pair.
Enter the path to the file where you want the key to be saved (for example, /home/username/.ssh/id rsa).
The key will be produced with the default name of ‘id rsa’ if you press ‘Enter.’ You can call this whatever you like, but if you do, make sure your SSH client is aware of the new key name. For more information, see Step #3.

If you choose a custom name, make sure you include the complete path to your user’s.ssh directory. If you don’t, the new key pair will be produced in the directory where the command is being run.

Following the creation of the keypair, you will be requested to enter the following information.
To continue, press Enter on your keyboard.
Enter a password here (leave empty for no passphrase).
You are not need to enter a passcode, but it is strongly advised because it protects your private key if it is compromised. If that’s the case, someone would still need your passcode to open it.

The only exception is if you’re running a cron job or another automatic operation. The password should then be removed. ssh-copy-id ssh-copy-id ssh-copy-id s

“All keys used for interactive access should, in general, have a passcode. For fully automated processes, keys without a passcode are handy.”
To continue, press Enter on your keyboard.
Re-enter the same password:
To continue, press Enter on your keyboard.
When you’re done, press Enter on your keyboard.
The message that appears is:
/home/username/.ssh/id rsa contains your identification.
/home/username/.ssh/id rsa.pub contains your public key.

[email protected] ar:bc:d3:9e:g3:1f:63:6f:6b:32:2e:97:ee:42:e1:be ar:bc:d3:9e:g3:1f:63:6f:6b:32:2e:97:ee:42:e1:be ar:bc:d3:9e:g3:1f:63:6f:6

The randomart image for the key is:

 

Step 2 — Copying the public key you just created on your home computer to your DreamHost server

Linux
You have two choices while running Linux. For Mac OS X, you can use ssh-copy-id or the methods below. Both work to copy the public key from your computer to your GreggHost server.

Run the following command on your Linux machine to copy the public key from your local computer to GreggHost’s server.
[local]
[email protected] $ ssh-copy-id -i /.ssh/id rsa.pub
If you receive the error “Too many arguments,” double-check the command. It is necessary to use the -i flag.

The following is the response to this command:
/usr/bin/ssh-copy-id: INFO: trying to log in with new key(s), filtering out those that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remains to be installed == if you’re being prompted now, it’s time to install the new keys.
password for [email protected]:
After you’ve entered your password, you’ll see the following:
The number of key(s) that have been added is: 1
Now use ssh [email protected] to log onto the machine and double-check that only the keys you want were added.

Mac OS X command

To copy the public key from your local computer to GreggHost’s server, run the following command.
ssh [email protected] | [local]$ cat /.ssh/id rsa.pub “mkdir /.ssh; cat >> /.ssh/authorized keys; mkdir /.ssh/authorized keys; mkdir /.ssh/authorized keys; mk
This command requires that your GreggHost account does not already have a /.ssh directory. On your GreggHost server, this command creates the /.ssh directory for you.
Remove the mkdir /.ssh; section while preserving the double quotes if your web server already has a /.ssh directory. For instance, consider the following:
ssh [email protected] | [local]$ cat /.ssh/id rsa.pub “cat >> /.ssh/authorized keys” is a command that displays the contents of the directory /.ssh/authorized keys.
The following is the response to this command:
It is unable to verify the legitimacy of the host’server.dreamhost.com (208.113.136.55)’.
50:46:95:5f:27:c9:fc:f5:f5:32:d4:3a:e9:cb:4f:9f is the RSA key fingerprint.
Are you certain you want to keep connected (yes/no)? yes

Warning: RSA has been added to the list of known hosts as’server.dreamhost.com,208.113.136.55′.

password for [email protected]:
On the SSH Keys page of your panel, you may confirm the fingerprint.
To continue, type ‘yes’.
When prompted, type your ssh username password.
The instructions above create a new folder named /.ssh with 755 permissions under your GreggHost user.

Your authorized keys file, which was copied from your home computer and has 644 permissions, is located in that folder. To further safeguard your keys, perform the following commands to change those permissions.

[server]

/.ssh $ chmod 700
[server]
/.ssh/authorized keys $ chmod 600

Step 3 — Adding your custom key to your ssh client

If you gave your key a unique name in Step #1, you’ll need to complete this step.

You get to name your key pair when you’re making it. The default name is ‘id rsa,’ but you can give it whatever name you choose when you create it. If you give your key a unique name, you’ll need to notify your SSH client about it.

Start ssh-agent to accomplish this. Run the following command to start ssh-agent. Make sure you use the backquote’character rather than a single quote – the backquote character is normally found on the tilde key on the top left of your keyboard:

$ eval’ssh-agent’ [local]
Then run the following command (with customkey rsa replaced with your keyname):

[local]

ssh-add /.ssh/customkey rsa $ ssh-add /.ssh/customkey rsa
You may then execute the following command to see if it’s been added:

[local]

$ ssh-add -l 2048 aa:42:d4:46:81:43:65:7f:4e:53:94:5f:2f:0d:fd:bd aa:42:d4:46:81:43:65:7f:4e:53:94:5f:2f:0d:fd:bd aa:42:d4:46:81:43:65:7f rsa customkey (RSA)
It will react with the fingerprint of your private key. You can verify that fingerprint by producing one from the public file of your custom key.

$ ssh-keygen -l -f [local] customkey rsa.pub \s2048 aa:42:d4:46:81:43:65:7f:4e:53:94:5f:2f:0d:fd:bd server@user (RSA)

Step 4 — Confirming the SSH connection

If everything is set up correctly, you should now be able to log into your GreggHost account using SSH without having to enter a password. Run this command on your home computer, where the original keypair was established.

$ ssh [email protected] [server]$ ssh [email protected]
You should now be able to access your account without a password.

Specifying a key pair for SSH to use

Your client will use the identity (private key) /.ssh/id rsa by default. If you’ve produced multiple keys, you can use the -i flag to specify which one to use when connecting. Consider the following scenario:

[server]$ ssh -i [email protected]/.ssh/customkey
Confirm the identity being used
If you use the -v flag, you can verify the identification (private key) you’re using.

$ ssh -v [email protected] [server]$ ssh -v [email protected]
This will generate a lot of data, but you’ll want to look for these lines to confirm which identity you’re using.

debug1: /home/username/.ssh/id rsa type 1 identity file
debug1: /home/username/.ssh/id rsa-cert type -1 identification file
debug1: RSA public key available: /home/username/.ssh/id rsa
The id rsa key is being utilized in this case.

What happens if you have many key pairs?
You’ll need to add all of your keys to ssh-agent if you have more than one. If you have both an id rsa and a custom key, for example, make sure you use ssh-add to add both (as shown above). This ensures that when connecting, the ‘Offering RSA public key’ line above displays the right key.

Troubleshooting

View the following article for possible remedies if you are not immediately logged in:

Troubleshooting a login that does not require a password