Skip to content

Configuration of SSH for Password less Authentication

GrayIsTheMood edited this page Oct 11, 2012 · 6 revisions

Note: Many supercomputers already generate keys automatically for their users. Users should edit .ssh/authorized_keys2 and not the auto-generated authorized_keys file. Do not tamper with the automatically generated keys.

How to create password less logins?

Follow the below steps to create password logins from the primary machine to the target machine

On your primary machine where you want your secret keys to live, type

ssh-keygen -t dsa

This will prompt you for a secret passphrase. If this is your primary identity key, make sure to use a good passphrase.

If this works right you will get two files called id_dsa and id_dsa.pub in your .ssh dir.

Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase. This is a "Bad Idea" for an identity key, "so don't do it!"

See below for uses of keys without passphrases.

Copy the content of id_dsa.pub file and append it to the target machines .ssh/authorized_keys file. If authorized_keys file is not accessible, then just create .ssh/authorized_keys2 file and paste the key.

Now target machine is ready to accept your ssh key. How to tell it which keys to use? The ssh-add command will do it. For a test, type

ssh-agent sh -c 'ssh-add < /dev/null && bash'

This will start the ssh-agent, add your default identity (prompting you for your passphrase), and spawn a bash shell.

From this new shell you should be able to: ssh target_machine This should let you in without typing a password or passphrase. You can ssh and scp all you want from this bash shell and not have to type any password or passphrase.

Test whether you have a password less login to the target machine by executing the below simple command. ssh <hostname> /bin/date

This command should execute without password input.

Note: If you're running our tutorials on your own system, you'll need openssh-server installed.

Something went wrong with that request. Please try again.