{"id":623,"date":"2019-09-06T23:27:06","date_gmt":"2019-09-06T22:27:06","guid":{"rendered":"https:\/\/notiz.comanet.xyz\/?p=623"},"modified":"2019-09-06T23:27:06","modified_gmt":"2019-09-06T22:27:06","slug":"ssh-login-without-password-using-ssh-keygen-ssh-copy-id","status":"publish","type":"post","link":"https:\/\/notiz.comanet.xyz\/?p=623","title":{"rendered":"SSH Login Without Password Using ssh-keygen & ssh-copy-id"},"content":{"rendered":"\n

You can login to a remote Linux server without entering password in 3\n simple steps using ssky-keygen and ssh-copy-id as explained in this \narticle.
\n
\n ssh-keygen<\/strong> creates the public and private keys. ssh-copy-id<\/strong>\n copies the local-host\u2019s public key to the remote-host\u2019s authorized_keys\n file. ssh-copy-id also assigns proper permission to the remote-host\u2019s \nhome, ~\/.ssh, and ~\/.ssh\/authorized_keys.
\n
\nThis article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.
\n<\/p>\n\n\n\n

Step 1: Create public and private keys using ssh-key-gen on local-host<\/h3>\n\n\n\n
jsmith@local-host$ [Note: You are on local-host here]\n\njsmith@local-host$ ssh-keygen\n<\/strong>Generating public\/private rsa key pair.\nEnter file in which to save the key (\/home\/jsmith\/.ssh\/id_rsa):[Enter key]\nEnter passphrase (empty for no passphrase): [Press enter key]\nEnter same passphrase again: [Pess enter key]\nYour identification has been saved in \/home\/jsmith\/.ssh\/id_rsa.\nYour public key has been saved in \/home\/jsmith\/.ssh\/id_rsa.pub.\nThe key fingerprint is:\n33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host<\/pre>\n\n\n\n
Step 2: Copy the public key to remote-host using ssh-copy-id<\/h3>\n\n\n\n
jsmith@local-host$ ssh-copy-id -i ~\/.ssh\/id_rsa.pub remote-host<\/strong>\njsmith@remote-host's password:\nNow try logging into the machine, with \"ssh 'remote-host'\", and check in:\n\n.ssh\/authorized_keys\n\nto make sure we haven't added extra keys that you weren't expecting.<\/pre>\n\n\n\n
Note:<\/strong> ssh-copy-id appends<\/strong> the keys to the remote-host\u2019s .ssh\/authorized_key.<\/p>\n\n\n\n
Step 3: Login to remote-host without entering the password<\/h3>\n\n\n\n
jsmith@local-host$ ssh remote-host<\/strong>\nLast login: Sun Nov 16 17:22:33 2008 from 192.168.1.2\n[Note: SSH did not ask for password.]\n\njsmith@remote-host$ [Note: You are on remote-host here]<\/pre>\n\n\n\n

\nThe above 3 simple steps should get the job done in most cases.
\n
\nWe also discussed earlier in detail about performing SSH and SCP from openSSH to openSSH<\/a> without entering password.
\n
\nIf you are using SSH2, we discussed earlier about performing SSH and SCP without password from SSH2 to SSH2<\/a> , from OpenSSH to SSH2<\/a> and from SSH2 to OpenSSH<\/a>.
\n<\/p>\n\n\n\n
Using ssh-copy-id along with the ssh-add\/ssh-agent<\/h3>\n\n\n\n
When no value is passed for the option -i<\/em> and If ~\/.ssh\/identity.pub<\/em> is not available, ssh-copy-id<\/em> will display the following error message.<\/p>\n\n\n\n
jsmith@local-host$ ssh-copy-id -i remote-host\n\/usr\/bin\/ssh-copy-id: ERROR: No identities found<\/pre>\n\n\n\n

\nIf you have loaded keys to the ssh-agent<\/em> using the ssh-add<\/em>, then ssh-copy-id<\/em> will get the keys from the ssh-agent<\/em> to copy to the remote-host. i.e, it copies the keys provided by ssh-add -L<\/em><\/strong> command to the remote-host, when you don\u2019t pass option -i<\/em> to the ssh-copy-id<\/em>.<\/p>\n\n\n\n
jsmith@local-host$ ssh-agent $SHELL\n<\/strong>\njsmith@local-host$ ssh-add -L<\/strong>\nThe agent has no identities.\n\njsmith@local-host$ ssh-add<\/strong>\nIdentity added: \/home\/jsmith\/.ssh\/id_rsa (\/home\/jsmith\/.ssh\/id_rsa)\n\njsmith@local-host$ ssh-add -L<\/strong>\nssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV\naHrtPhTYpq7kIEMUNzApnyxsHpH1tQ\/Ow== \/home\/jsmith\/.ssh\/id_rsa\n\njsmith@local-host$ ssh-copy-id -i remote-host<\/strong>\njsmith@remote-host's password:\nNow try logging into the machine, with \"ssh 'remote-host'\", and check in:\n\n.ssh\/authorized_keys\n\nto make sure we haven't added extra keys that you weren't expecting.\n[Note: This has added the key displayed by ssh-add -L]<\/pre>\n\n\n\n
Three Minor Annoyances of ssh-copy-id<\/h3>\n\n\n\n
Following are few minor annoyances of the ssh-copy-id.
\n<\/p>\n\n\n\n
  1. Default public key:<\/strong> ssh-copy-id uses ~\/.ssh\/identity.pub as the default public key file (i.e when no value is passed to option -i<\/em>).\n Instead, I wish it uses id_dsa.pub, or id_rsa.pub, or identity.pub as \ndefault keys. i.e If any one of them exist, it should copy that to the \nremote-host. If two or three of them exist, it should copy identity.pub \nas default.<\/li>
  2. The agent has no identities:<\/strong> When the ssh-agent<\/em> is running and the ssh-add -L<\/em>\n returns \u201cThe agent has no identities\u201d (i.e no keys are added to the \nssh-agent), the ssh-copy-id will still copy the message \u201cThe agent has \nno identities\u201d to the remote-host\u2019s authorized_keys entry.<\/li>
  3. Duplicate entry in authorized_keys:<\/strong> I wish \nssh-copy-id validates duplicate entry on the remote-host\u2019s \nauthorized_keys. If you execute ssh-copy-id multiple times on the \nlocal-host, it will keep appending the same key on the remote-host\u2019s \nauthorized_keys file without checking for duplicates. Even with \nduplicate entries everything works as expected. But, I would like to \nhave my authorized_keys file clutter free.<\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"
    You can login to a remote Linux server without entering password in 3 simple steps using ssky-keygen and ssh-copy-id as explained in this article. ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host\u2019s public key to the remote-host\u2019s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host\u2019s home, ~\/.ssh, and ~\/.ssh\/authorized_keys. This…<\/p>\n","protected":false},"author":1,"featured_media":624,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-623","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=\/wp\/v2\/posts\/623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=623"}],"version-history":[{"count":1,"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=\/wp\/v2\/posts\/623\/revisions"}],"predecessor-version":[{"id":625,"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=\/wp\/v2\/posts\/623\/revisions\/625"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=\/wp\/v2\/media\/624"}],"wp:attachment":[{"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/notiz.comanet.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}