Jun 30 / kkrizka

Linux and Passwordless Login To An SSH Server

This is a follow-up to my tutorial about setting up a secure shell server on an iPhone. The problem with the first tutorial is that you have to type in your password every time you want to log in. This can get annoying, especially if you connect a lot. For example, you would have to type in your password every time you sync your iPhone over WiFi or do debugging on it (more on that later). In this tutorial, I will show you how to set it up so that you won’t have to type in the password. This tutorial should also work with any SSH server (as long as public key authentication is not explicitly disabled), not just on an iPhone.

Passwordless login is very convenient and relatively secure. It works by generating a private/public key pair on your Linux PC and copying the public key to the iPhone. Then when you connect, the SSH server checks that your private key matches the public key it has on file, and if it does, it lets you in. Holding the public key alone is not enough to authenticate, so if someone steals your iPhone, they won’t be able to get in. Heck, you can even post your public key on your website and let others download it. However, if someone steals your private key, then they will be able to get in. So make sure to protect your private key! To read more about private-public key authentication, read the Simple Wikipedia page.

Requirements

Instructions

  1. Make sure you have the OpenSSH client installed on your PC.
    sudo aptitude install openssh-client
  2. Create a private/public key pair using the following command. It will ask you some questions, but just hit enter to accept the defaults. If you already have an SSH key, you can skip this step. By default, the key pair is saved into ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, where the .pub file is the public key. That is the one you want to copy. If you saved your key pair somewhere else, don’t forget to edit the location in any of the future steps.
    ssh-keygen -t rsa
  3. Append the contents of the public key into the ~/.ssh/authorized_keys file on the iPhone. The following command does just that. Don’t forget to replace 192.168.1.111 with the IP address of your iPhone.
    cat ~/.ssh/id_rsa.pub | ssh root@192.168.1.111 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
  4. Try to log in to your iPhone. You shouldn’t be asked for the password if everything worked.
    ssh root@192.168.1.111
  5. Repeat steps 1-4 on any additional computers that you own and will use to connect to your iPhone. For step 3, make sure that you append the contents of your public keys as a new line at the end of the authorized_keys file.
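
Step 3 done defensively, as an added example that is not part of the original post: the function below (its name, add_authorized_key, is chosen here) takes one public key on stdin, refuses anything that is not a single public key line, sets the permissions sshd expects, and skips keys that are already present so that step 5 can be repeated safely. It assumes a POSIX shell with grep, cut and tail on the machine where it runs.

```shell
# Added example, not from the original post. add_authorized_key is a name
# chosen here; it reads ONE public key line on stdin and installs it into
# HOME_DIR/.ssh/authorized_keys (HOME_DIR defaults to $HOME).
# Returns 0 if the key was added or was already there, 1 if input is rejected.
add_authorized_key() {
    home_dir=${1:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    key_line=$(cat)

    # Accept exactly one line shaped like "<type> <base64> [comment]".
    # A private key pasted by mistake, or several lines, is refused.
    # (The list of key types is this sketch's choice.)
    if [ "$(printf '%s\n' "$key_line" | grep -c '')" -ne 1 ] ||
       ! printf '%s\n' "$key_line" | grep -Eq \
         '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
    then
        echo "rejected: not a single public key line" >&2
        return 1
    fi

    # With StrictModes (the sshd default) the key file is ignored if it or
    # ~/.ssh is writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Identify the key by type + blob, so repeating the step (or the same
    # key with another comment) does not add a second entry.
    key_id=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)
    if grep -qF -- "$key_id" "$auth_file"; then
        return 0
    fi

    # If the file does not end in a newline, add one first; otherwise the
    # new key would be glued onto the previous entry and not be recognised.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

Saved as add_key.sh (a hypothetical file name), it can be run on the server with `ssh root@192.168.1.111 "$(cat add_key.sh); add_authorized_key" < ~/.ssh/id_rsa.pub`, which sends the key as data on stdin rather than as part of the remote command line.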

9 Comments

  1. hen dos / Jun 30 2010

    How can one configure 3 Cisco 2960 switches using Dynamips or GNS3, the switches link with their Gigabit Ethernet interfaces?

  2. hen dos / Jul 1 2010

    It’s strange how in the past couple days, two things that I’ve known could be done (and wanted to know how to do), but -hadn’t- known how to do have appeared here. (The multiple file-renaming was the other.)

  3. hen parties / Jul 1 2010

    On an extra note, one can clear the keychain (keychain --clear) on every login using .bash_profile just in case. 😉

  4. hen parties / Jul 4 2010

    Check out the ssh-copy-id command. It will take care of appending your public key onto the remote system.

    • Karol Krizka / Jul 4 2010

      Yes, I am familiar with that command. However it is not available on all distributions. Also it is not available on Mac OS X.

  5. hen dos / Jul 14 2010

    Is this method secure enough for a production environment? It would seem that some would want the added security of forcing a password for authentication. Plus it helps one remember their password, if they are using it to login often. I typically change the ssh port for added security.

  6. hen dos / Aug 1 2010

    If you get a prompt about a new key, just accept it. This happens the first time you connect to an ssh server.

  7. Deann Reese / Dec 24 2010

    Is this method secure enough for a production environment? It would seem that some would want the added security of forcing a password for authentication. Plus it helps one remember their password, if they are using it to login often. I typically change the ssh port for added security.
