How to ssh/putty without password (using public key authentication)

  • ssh-keygen@man authentication key generation, management and conversion
  • ssh-copy-id@man install your public key in a remote machine’s authorized_keys
## 1 - on the client, generates public and private keys in '~/.ssh/id_rsa{.pub,}'
$ ssh-keygen -t rsa
# private should be read-write for owner only
$ chmod 600 ~/.ssh/id_rsa 

# disable user host key database '~/.ssh/known_hosts'
$ cat ~/.ssh/config
StrictHostKeyChecking = no
UserKnownHostsFile = /dev/null

## 2 - private key to 'authorized_keys' and copy public key to the server's .ssh directory
$ cat ~/.ssh/id_rsa >> authorized_keys; scp ~/.ssh/id_rsa.pub user@server:/home/user/.ssh
or
$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@server

# optionally disable StrictModes; check file modes and ownership of the users files and home directory before accepting login
$ cat /etc/ssh/sshd_config
StrictModes no
$ service sshd reload

## 3 - now say you what to login from another machine; just copy private key around
$ scp ~/.ssh/id_rsa user@another:~/.ssh/id_rsa

from using ssh-copy-id for ssh without password

#1 - generate public/private keys using a passphrase with puttygen
#2 - copy/paste public key and append it to server's '.ssh/authorized_keys'
#3 - add private key file to pagent

from Public Key Authentication With PuTTY

Also, add this to {/root,/etc/skel}/.bashrc to refrain from outputting anything in non interactive shells (scp/ssh).
We could use (pseudo-tty) -t on ssh but scp doesn’t have this option.

# This file is sourced by all *interactive* bash shells on startup,
# including some apparently interactive shells such as scp and rcp
# that can't tolerate any output.  So make sure this doesn't display
# anything or bad things will happen !

# Test for an interactive shell.  There is no need to set anything
# past this point for scp and rcp, and it's important to refrain from
# outputting anything in those cases.
if [[ $- != *i* ]] ; then
        # Shell is non-interactive.  Be done now!
        return
fi

from testing for interative terminal in .bashrc, bash_profile vs bashrc and Zsh/Bash startup files loading order (.bashrc, .zshrc etc.)

If you really dont want to use public key authentication and prefer user/password then try putty’s fork kitty, which supports sending password automatically

## install using https://chocolatey.org
$(comspec) cinst kitty
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s