Your concern
You want to automate tasks under Linux, and therefore need an SSH login as 'User a' from Computer A, to Computer B as 'User b' – without needing a password. Nevertheless the connection should be secure.
The principle
Use SSH with Public Keys. Instead of passwords, SSH then uses a pair of private and public keys to log in.
The procedure
First create a key pair on Computer A as user 'User a'. Make sure that this is saved without a passphrase (simply press Return twice):
a@A> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Now log in (this time still with a password) on Computer B as User b. There create the directory .ssh in the home directory of b (if this already exists, it's fine):
b@B> mkdir -p ~/.ssh
In the third and final step, b@B must allow access with the initially generated key. The safest way to do this from A is to use the following command (where you must enter the password one last time):
a@A> cat ~/.ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
The public part of the key pair is then appended to User b's .ssh/authorized_keys text file. Several keys are permitted in this file – one key per line.
If you have done everything correctly, it must now be possible to log in without a password. You can check this, for example, with:
a@A> ssh b@B hostname
B
Copying files with scp also works without entering a password.
Notes for other SSH versions
Depending on your version of SSH, you may need to consider the following:
- The authorisation file may be called authorized_keys2.
- The rights for .ssh may need to be 700 (chmod 700 .ssh).
- The rights for .ssh/authorized_keys2 may need to be 640.
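Steps two and three of the procedure, together with the permission notes above, can be combined into one function run on Computer B. This is an added example, not part of the original page: install_pubkey is a hypothetical helper name, and it additionally refuses a private key file, avoids duplicate entries and repairs a missing final newline before appending.

```shell
# Added example (not from the original page). install_pubkey is a hypothetical
# helper, run on Computer B as User b: install_pubkey <pubkey-file> [ssh-dir]
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    pat='^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$'

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # Refuse the private half of the pair: id_rsa must stay on Computer A.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 3
    fi

    # Accept exactly one well-formed public key line.
    n=$(grep -cE "$pat" "$pub" || true)
    if [ "$n" -ne 1 ]; then
        echo "refusing: expected exactly one public key in $pub" >&2
        return 4
    fi
    key=$(grep -E "$pat" "$pub")

    # Create directory and file owner-only, then enforce the modes explicitly.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 5
    chmod 700 "$dir"
    chmod 600 "$auth"   # owner-only, stricter than the 640 noted above

    # A plain '>>' glues the key onto an unterminated last line; repair first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```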
Security advice
With the procedure described here, the key on Computer A is not encrypted. An attacker who gains access to Computer A as User a will automatically have access to Computer B as User b.