Passwordless ssh logins

The following process may be used to generate a ssh protocol 2 rsa key pair and to configure an ssh server for passwordless ssh logins.

Even though we are using passwordless ssh logins, we will still assign the private key a passphrase. We will use ssh-agent to prompt us once for the private key passphrase when starting the X Window System. After that, we will not have to enter our passphrase again during our entire X session. If you are not running X or want to learn more about ssh-agent or other ways to use ssh keys, please read the excellent HOWTO: set up ssh keys.

OpenSSH instructions

These steps were used on an OpenSSH client and server.

First, generate your OpenSSH protocol 2 rsa key (you may use -t dsa if you want to use dsa keys):
ssh-keygen -t rsa

You will be prompted for a passphrase for your private key. Although you are not required to passphrase-protect your private key, it is considered good practice to do so. Your passphrase should ideally consist of a difficult-to-guess phrase or sentence containing several symbols and/or numbers.

Append the contents of your public key to the authorized_keys file on the remote OpenSSH server:
cat ~/.ssh/id_rsa.pub | ssh remote_server "cat - >> ~/.ssh/authorized_keys"

If you are using the X Window System, start X with the following command:
ssh-agent startx

From a terminal or from your desktop environment (ex. GNOME, KDE), run the following command to prompt for your private key passphrase:
ssh-add

All terminals and subprocesses spawned within X will remember your private key passphrase.


ssh.com instructions

1. Generate a 1024-bit ssh.com protocol 2 rsa key.
ssh-keygen -b 1024 -t rsa

You will be prompted for a passphrase for your private key. Although you are not required to passphrase-protect your private key, it is considered good practice to do so. Your passphrase should ideally consist of a difficult-to-guess phrase or sentence containing several symbols and/or numbers.

2. Append the name of your public key to the authorization file on the remote ssh.com server:
echo "id_rsa_1024_a.pub" | ssh remote_server "cat - >> ~/.ssh2/authorization"

3. Add the name of your private key to the identification file on the local server:
echo "IdKey id_rsa_1024_a" > ~/.ssh2/identification

More information at Google Groups.

Back to brandonhutchinson.com.

Last modified: 01/13/2004