kvz.io

Login Automatically With SSH Keys

Author: Kevin van Zonneveld (Twitter: @kvz)

With SSH you can securely log in to any Linux server and execute commands remotely. You can even use SSH to transfer and synchronize files from one server to another. Automating these tasks can make your life easier, but normally SSH prevents that because it requires you to log in every time. Not anymore: in this article I will show you how to connect to SSH without a password.

About SSH Keys

SSH keys allow machines to identify each other without you having to type the password every time. First we need to generate a key (it's nothing more than a randomly generated sequence of bytes; think of it as a fingerprint) on the machine you're going to make the connection from. Then you install the public half of that unique key on the machine that needs to accept the connection.

Little Helper Script

Installing keys takes quite a few commands, and they're not very easy to remember either. If you have multiple servers, you might even want to automate the process of installing keys. No worries, I did this for you. Just download the helper script and install it. Open a terminal, and type:

$ su -  # If you're going to use the keys to automate tasks, become root first
$ mkdir -p ~/bin
$ # Fetch over verified TLS (no -k): this script will run with your, possibly root, privileges
$ curl -fL https://raw.github.com/kvz/deprecated/kvzlib/bash/programs/instkey.sh -o ~/bin/instkey.bash \
 && chmod u+x $_

Running the Script: Installing Keys

Now with the script in place, installing SSH keys is easy. To allow easy access to server.example.com just open a terminal and type:

$ ~/bin/instkey.bash server.example.com

The first time you run the script, it will create the necessary keys. When it asks for a passphrase, just hit Enter. Then it logs in at server.example.com (you need to enter the server's password one last time ;) and saves the key.

Installing ssh Keys Under a Different User

Make sure you are logged in as the user you want to have passwordless ssh access. Let's say this user is called: kevin.

Go to the place you downloaded the instkey.sh script to, and type:

$ ./instkey.bash server.example.com kevin

Notice the second argument? It makes sure kevin's keys aren't installed for root on the remote machine, but for kevin as well. Easy, right?

Congratulations! You can now type

$ ssh server.example.com

And you'll be logged in right away! Another great idea is to use this technology to automatically synchronize files with rsync.

Pitfalls

  • Of course you should really be careful where and when to install ssh keys, because if one machine is compromised, it's very easy for a cracker to hop to the next system without logging in. So choose wisely when to use this technology.
  • Keys are user specific. So if you're going to run programs as root that need to automatically login to systems, you must also install the key as root.
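How far a stolen passphrase-less key lets someone hop depends on what the server allows that key to do. As an added example (not part of the article or of instkey.sh), this shell function classifies each entry of an authorized_keys file by whether it carries a forced command and a source-address list; the sample file, host names and key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the article or instkey.sh): classify each key in an
# authorized_keys file by how much a stolen private key would be allowed to do.
#   UNRESTRICTED  no options: full shell from any address
#   PARTIAL       some options, but not both command="..." and from="..."
#   RESTRICTED    forced command and source-address list are both set
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments and blanks
    {
        line = $0; sub(/^[ \t]+/, "", line); opts = ""; rest = line
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {       # line starts with options
            inq = 0                               # 1 while inside "..."
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") { i++; continue }   # escaped char
                if (c == "\"") inq = !inq
                else if (!inq && (c == " " || c == "\t")) break
            }
            opts = substr(line, 1, i - 1); rest = substr(line, i)
            sub(/^[ \t]+/, "", rest)
        }
        n = split(rest, f, /[ \t]+/)              # keytype, blob, comment
        label = (n >= 3) ? f[3] : "(no comment)"
        o = "," opts                              # so every option follows a comma
        cmd = (o ~ /,command="/); src = (o ~ /,from="/)
        verdict = (opts == "") ? "UNRESTRICTED" : ((cmd && src) ? "RESTRICTED" : "PARTIAL")
        print NR, verdict, label
    }' "$1"
}

# Constructed sample file; the key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
ssh-ed25519 AAAAC3PLACEHOLDER1 root@buildhost
from="192.0.2.10",command="rsync --server --sender -logDtpr . /srv/backup/",no-pty,no-port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER2 backup-cron
no-port-forwarding,no-agent-forwarding ssh-rsa AAAAB3PLACEHOLDER3 kevin@laptop
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_authorized_keys "$sample"
rm -f "$sample"
```

Run it against ~/.ssh/authorized_keys on each server that accepts automated logins; the number in the first column is the line in that file to review.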

Legacy Comments (23)

These comments were imported from the previous blog system (Disqus).

Manni

Why recommend to skip the passphrase? Always secure your private keys with a passphrase or you're in deep, deep trouble when someone can steal the key.

You might say that you are back to where you started, entering passphrases instead of passwords every time you want to access a remote machine. But you can simply run 'ssh-add' when you log in and your passphrase will be remembered until you log out again.

Kevin

@ Manni: Thanks I didn't know about that. But what about cronjobs? Do you know if you can automate ssh-add as well?

Manni

You are right, cron-jobs make this a little more complicated, but it still works.

This article has some good information: http://www.ucolick.org/~sla...

Not only can you use passphrase-protected keys with cron jobs, you can also secure the remote machine so that it will only execute a certain command for a certain key.

Kevin

@ Manni: I will look into it, thanks again!

Jeff

Yea, it didn't work.

Kevin

@ Jeff: It would help if you'd be more specific.

adrian

Make sure you update and re-generate all your keys on Debian-derived distros ..

Fran

Beautiful little code, it really works!!
I've learned a little today, thanks! :-)

Luke Stanley

It didn't work...

Kevin

@ Luke Stanley: Could you be more specific?

Steve

You forgot to document a requirement of your script - the second host name argument for hostnames other than root@host.

An example is Puppy Linux's use of user Spot@host, for ssh rather than root. If you enter Spot@host, your script actually tries to use root@spot@host.

You did include code to allow non-root installation with the following two argument syntax:

instkey.bash host username

but you forgot to mention it.

Hope this helps!

Kev van Zonneveld

@ Steve: You are correct, I've updated the article. Thanks for helping out!

Mike

This worked great for me thanks. I actually ported the script to Python for no real reason except that I like to keep all my little tools in Python. :)

If it's useful to anyone, you can see it here:
http://pk-designs.com/tmp/i...

Kev van Zonneveld

@ Mike: Took a look at the source, and it looks cool Mike, thanks for sharing.

Mohamed

What if the ssh port is different from the default 22?

Kev van Zonneveld

@ Mohamed: That's currently not supported in the script. You may want to hack it in there by using the -p switch behind ssh.
I'm currently in the process of building a centralized bash library over at http://kvzlib.net, I may build support into it over there if needed.

dave

Hi, this is a great post, thanks. Do you know any way to automate this if the remote system is an ftp server?

Kev van Zonneveld

@ dave: This only works for ssh. But since SFTP communicates over SSH, it could work if you're using SFTP. No need for special configuration or anything.

Though you may want to specify a user like this:

dave@localhost# ./instkey.bash sftp.yourserver.com dave

Greg

Awesome little script Kevin, I've done this the hard way before but I didn't feel like "thinking" this time. :)

Good Karma sent your way....

achmad

Thanks for the script, it works...
But how to remove an installed key???

Kev van Zonneveld

@ Greg: Thanks ;)

@ achmad: You'd still have to do that manually. But it's easy. Just remove the public key (1 line) from the authorized_keys file at the remote end.

JoGoFo

The script doesn't exist any more!
I can't download http://kevin.vanzonneveld.n...

:(

Kev van Zonneveld

@ JoGoFo: Thanks, I've updated the article!