Linux and Passwordless Login To A SSH Sever
This is a follow up to my tutorial about setting up a secure shell server on an iPhone. The problem with the first tutorial is that you have to type in your password everytime you want to login. This is can get annoying, especially if you connect a lot. For example, you would have to type in your password everytime you sync your iPhone over WiFi or do debugging on it (more on that later). In this tutorial, I will show you how you can set it up in a way such that you won’t have to type in the password. This tutorial should also work with any SSH server (as long as it is not explicitly disabled), not just on an iPhone.
Passwordless login is very good for convenience and it is relatively secure. It works by generating a private-public key on your Linux PC and copying the public key to the iPhone. Then when you connect, the SSH server checks your private key against the public key, and if they match, it lets you in. You cannot compare a public key with another public key, so if someone steals your iPhone, they won’t be able to get in. Heck, you can even post your public key on your website and let others download it. However if someone steals your private key, then they will be able to get in. So make sure to project your private key! To read more about private-public key authorization, read the Simple Wikipedia page.
- Linux based PC. This guide was tested on Ubuntu Lucid. Also a Mac OS X computer might work also, I have not tried.
- iPhone with a SSH server installed. Again, follow this guide if you do not know how to install it.
- Make sure you have the OpenSSH client installed on your PC.
sudo aptitude install openssh-client
- Create a private/public key pair using the following command. It will ask you some questions, but just hit enter to accept the defaults. If you already have a SSH key, you can skip this step. By default, the key pair is saved into ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, where the .pub file is the public key. That is the one you want to copy. If you saved your key pair somewhere else, don’t forget to edit the location in any of the future steps.
ssh-keygen -t rsa
- Append the contents of the public key into the ~/.ssh/authorized_keys file on the iPhone. The following command does just that. Don’t forget to replace 192.168.1.111 with the IP address of your iPhone.
ssh email@example.com "mkdir -p ~/.ssh && echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/authorized_keys"
- Try to login to your iPhone. You shouldn’t be asked for the password if everything worked.
- Repeat steps 1-4 on any additional computers that you own and will use to connect to your iPhone. For step 3, make sure that you append the contents of your public keys as a new line at the end of the authorozed_keys file.