How to create a password-less ssh login

#log in to the client as the user
host=server.com
hostnick=server
luser=localusername
suser=serverusername
#
mkdir -p .ssh
ssh-keygen -t rsa -f .ssh/id_rsa #generate key
############# You will be prompted for a passphrase; press Enter for none (the private key is then stored unencrypted)
#
#create .ssh/config file:
echo "host $hostnick" >> .ssh/config
echo "    hostname $host" >> .ssh/config
echo "    user $suser" >> .ssh/config
echo "    identityfile /home/$luser/.ssh/id_rsa" >> .ssh/config
echo "    compression yes" >> .ssh/config
echo "    protocol 2" >> .ssh/config
#echo "    port 7654" >> .ssh/config #optional
chmod -R go-rwx .ssh
#now copy key to host to complete operation
ssh-copy-id -i ~/.ssh/id_rsa.pub $suser@$host
# This prompts for the login password on the host, then copies the public key for you, creating the correct directory and fixing the permissions as necessary.
  • Note that the home directory on the server must have secure permissions for this to work, e.g. 750 will work.
  • Or copy the key manually:
scp .ssh/id_rsa.pub $suser@$host:tmp
####### you will be prompted here for your normal password
#
ssh $suser@$host
####### you will be prompted here for your normal password
# assume key is in tmp file
mkdir -p .ssh
cat tmp >> .ssh/authorized_keys
chmod -R go-rwx .ssh
rm -f tmp
exit
  • Now you can try logging in using:
ssh $hostnick
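# now prevent root login without the key (on the server, as root):
vi /etc/ssh/sshd_config #and change the following line to be:
PermitRootLogin without-password
# this setting applies to root only (newer OpenSSH also accepts the name prohibit-password);
# other accounts keep password login unless PasswordAuthentication is set to no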
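
The permission requirements above (the chmod steps and the note about the server's home directory) can be checked with a short script. This is an added example, not part of the original page; the function names perm_of, check_ssh_perms and demo are made up for it, and it assumes sshd runs with StrictModes enabled (the default).

```shell
#!/bin/sh
# Added example, not from the original page. Function names are made up here.
# Checks the write bits that sshd's StrictModes looks at on the home directory,
# ~/.ssh and authorized_keys, plus the client's private-key check (no group or
# other access). File ownership, which StrictModes also checks, is not covered.

# perm_of PATH: print the octal mode (GNU stat first, BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_perms HOME_DIR: print one line per problem, return the count.
check_ssh_perms() {
    home=$1
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(perm_of "$p")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other-writable, key login will be refused: $p ($mode)"
            problems=$((problems + 1))
        fi
    done
    key=$home/.ssh/id_rsa
    if [ -e "$key" ]; then
        mode=$(perm_of "$key")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "private key open to group/other, ssh will ignore it: $key ($mode)"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# demo: constructed tree (not a real account) whose home directory is 770.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 770 "$d"; chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    check_ssh_perms "$d" && demo_rc=0 || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

# With an argument, audit that home directory; otherwise run the demo.
if [ "$#" -gt 0 ]; then check_ssh_perms "$1"; else demo || true; fi
```

Run it with a home directory as the argument on the client or the server; the exit status is the number of problems found.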

Reverse SSH

ssh -R 19990:localhost:22 servernick #from the machine to be accessed
ssh localhost -p 19990 -l ptfwd   #on the server, to access the machine (assuming target account is ptfwd)

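Note that you can add the options: -X -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no. The two -o options turn off host key verification for that connection, so a changed or spoofed host key goes unnoticed.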
