Sunday, January 25, 2009

SSH without Password

Generally, every time you connect with ssh (secure shell) to a remote computer, you will be directed to fill out the password. You must enter your password on the remote computer. See description below :


[
msmunir@msmunir1 ~]$ ssh msmunir@202.46.3.xx
msmunir@202.46.3.xx's password:
Last login: Thu Jan 15 10:20:52 2009 from 202.46.3.yy
msmunir@serpong5:~ #


In fact, you can connect to a remote computer without a password. Because basically the remote computer is able to remember your password. The question is how is the remote computer is able to remember the password?

To do all this, you must create a key pair or key pairing. These keys will be placed on both site, your local computer and your remote computer. But you must remember your password on both computers must be the same.

Step #1 : make key pairing on local computer

[msmunir@msmunir1 ~]$ cd .ssh/
[msmunir@msmunir1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/msmunir/.ssh/id_rsa):
/home/msmunir/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/msmunir/.ssh/id_rsa.
Your public key has been saved in /home/msmunir/.ssh/id_rsa.pub.
The key fingerprint is:
13:9b:eb:a4:41:5e:28:46:3c:0a:f1:d3:34:da:6a:8d msmunir@msmunir1.batan.go.id
The key's randomart image is:
+--[ RSA 2048]----+
|. o |
| o * . |
|. + * . |
| . B . . + |
| E + o S |
| . . + . o |
| o o |
| = |
| . . |
+-----------------+
[msmunir@msmunir1 .ssh]$

Step #2 : Check out the content of id_ras.pub file

[msmunir@msmunir1 .ssh]$ more id_rsa.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEA1nqwTFg3IoUoUdyAQ65R+26ipEX42L7C3NcBcYEEtY78
lT/qeSaPIPGyfiMXCOeGtghQ12Msrflott+AblAxizERwvNPjeI0DcxSXTbE15R7M5SjOSSKz1wCIyBi
IK5Bi5iIY36K3wqoGSfkekcbtGQKbf+vftwtlsTdrXVO0WMPxoTwJBNGxgljT45JaGyM7KiZpWMFTPBo
jGOiMJY6xV416ZnFlxpKUIMyoKvlysefxI3bw2LnbcDswadpYJInGfqp9pywaMPoA976C43dkmimTLfs
juTFHWSlv8AS4QWuMFev72y9vGVoZ21Fc0dSE3WJ7ovT7d14G6Tf75tBrw==
msmunir@msmunir1.ba
tan.go.id
[msmunir@msmunir1 .ssh]$

Step #3 : Export key (id_rsa.pub file) to remote computer

On remote computer use othername, like id_rsa.pub.lenovo. Use SCP command line to copy
between to host.

[msmunir@msmunir1 .ssh]$ scp id_rsa.pub msmunir@202.46.3.xx:/home/msmunir/id_rsa.pub.lenovo
Password:
id_rsa.pub 100% 410 0.4KB/s 00:00
[msmunir@msmunir1 .ssh]$

Step #4 : Try to connect to remote computer with SSH

[msmunir@msmunir1 .ssh]$ ssh msmunir@202.46.3.xx
Password:
Last login: Sat Jan 24 10:15:08 2009 from 125.160.111.198
Have a lot of fun...
msmunir@linux-3ilu:~> ls
bin Desktop Documents id_rsa.pub.lenovo public_html
msmunir@linux-3ilu:~>

Step #5 : Check the directory of .ssh. If doesn't exist, create it with SSH to other computer.

msmunir@linux-3ilu:~> ssh msmunir@202.46.3.yy
The authenticity of host '202.46.3.yy (202.46.3.yy)' can't be established.
RSA key fingerprint is d9:ca:72:a0:f9:5e:ab:1b:f7:ab:40:0e:b5:44:b0:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '202.46.3.yy' (RSA) to the list of known hosts.
msmunir@202.46.3.yy's password:
Last login: Fri Jan 23 05:02:43 2009 from 125.160.106.131
[msmunir@ppin-msmunir2 ~]$

Don't forget to exit

[msmunir@ppin-msmunir2 ~]$ exit
Connection to 202.46.3.yy closed.
msmunir@linux-3ilu:~>

Step #6 : Copy id_ras.pub to directory .ssh with othername, such as authorized_keys

msmunir@linux-3ilu:~> ls
bin Desktop Documents id_rsa.pub id_rsa.pub.lenovo public_html
msmunir@linux-3ilu:~> cp id_rsa.pub.lenovo /home/msmunir/.ssh/authorized_keys
msmunir@linux-3ilu:~> cd .ssh/
msmunir@linux-3ilu:~/.ssh> ls -l
total 8
-rwxr-xr-x 1 msmunir users 410 2009-01-24 10:29 authorized_keys
-rw-r--r-- 1 msmunir users 393 2009-01-24 10:26 known_hosts
msmunir@linux-3ilu:~/.ssh> exit
logout
Connection to 202.46.3.xx closed.
[msmunir@msmunir1 .ssh]$

Step #7 : Test SSH to remote computer

[msmunir@msmunir1 .ssh]$ ssh msmunir@202.46.3.xx
Last login: Sat Jan 24 10:25:45 2009 from 125.160.102.43
Have a lot of fun...
msmunir@linux-3ilu:~>

It's works.
by. msmunir@batan.go.id

No comments:

Post a Comment