Vineet Manohar's blog

This simple tutorial explains how to SSH to a remote machine without typing your password. You can use this technique if you find yourself logging in to the same machine frequently and find typing your password tedious. It is also useful in scenarios when you have a script which needs to pull some files from a remote machine or perform a task on a remote machine via SSH, and you want to run this script automatically without having a human to type a password.

These instructions work on Linux and Mac. You can achieve the same result on Windows using Putty, but I haven’t documented the putty specific instructions here.

Goal: to login from local machine to Remote server via ssh without typing password

Step 1 of 2 : On local machine: Generate Authentication Keys

Authentication keys are a pair of private and public keys. The public key is [like] your login. Unlike a conventional login name, the public key is 2-3 lines long and looks like gibberish. Don’t worry, you never have to type it manually. Your private key is [like] your password, but much longer that a regular password. You can generate your public and private keys by typing the following command:

ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/vineetmanohar/.ssh/id_rsa):

Accept the default choice. Hit enter.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Hit enter twice. A passphrase encrypts your private key so that no one can see it. However, you should NOT encrypt your private key if you want a password-less login.

The key fingerprint is:
5e:26:52:34:a1:22:18:68:11:11:7d:8d:c6:d5:4b:bf vineetmanohar@vineetmanohr.com

What just happened?

On your local server you just created 2 files in your ~/.ssh directory.

 cd ~/.ssh
 ls -l

-rw------- 1 vineetmanohar vineetmanohar 1675 2009-07-17 17:27 id_rsa
-rw-r--r-- 1 vineetmanohar vineetmanohar  411 2009-07-17 17:27 id_rsa.pub

id_rsa contains your private key. id_rsa.pub contains your public key.

Step 2 of 2 : On remote machine: authorize password less login

Login to remote machine

ssh hostname -l username

The authenticity of host 'vineetmanohar.com (XXX.XXX.XXX.XX)' can't be established.
RSA key fingerprint is 44.2b:93:ce:1b:1b:99:3a:6d:91:d1:50:aa:0d:87:40.
Are you sure you want to continue connecting (yes/no)?

Type yes and hit enter.

Warning: Permanently added 'vineetmanohar.com,XXX.XXX.XXX.XX' (RSA) to the list of known hosts.
username@vineetmanohar.com's password:

Enter your password, and hit enter.
Create a .ssh directory on the remote machine and create a authorized_keys file in that directory. You need to copy the entire contents of your local machine’s ‘id_rsa.pub’ and paste it in the .authorized_keys file on the remote server.

mkdir -p .ssh
chmod 700 .ssh
cd .ssh
touch authorized_keys
chmod 600 authorized_keys
vi authorized_keys
# copy-paste the entire contents of your local machine's ~/.ssh/id_rsa.pub file in authorized_keys
# logout
exit

Important: Make sure you have the right permissions for .ssh directory and authorized_keys file, as shown in chmod command above otherwise SSH will not honor your authorized_keys.

You should now be able to login to the remote server without typing your password.

# type this command from your local machine
ssh hostname -l username

SSH should log you in without password! Now, you can also scp or rsync (over ssh) without having to enter your password.

Related posts:

1. How to automatically recover Tomcat from crashes