...

ssh passwordless login is done using a public/private key pair. The private key is kept on the system you want to log in from; the public key is copied to the system and user you want to log in to.

Setup procedure

Warning: root's authorized_keys file is distributed from Blue Light's git. In case any extra keys are required, for example to run backups, they are put in authorized_keys2 so they are not overwritten the next time authorized_keys is updated from git.

  1. Generate a public/private key pair following the procedure on ssh key generation.
  2. Copy the public key to the system and user you want to log in to, adding it to the user's ~/.ssh/authorized_keys file. If the file does not exist, create it and set the permissions to read and write for the user only (rw-------).
  3. For passwordless login as root to work, /etc/ssh/sshd_config on the system you want to log in to must have "PermitRootLogin without-password" (newer OpenSSH releases also accept the equivalent "prohibit-password").
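
Step 2 and the authorized_keys2 warning above, as an added shell example that is not part of the original page or Blue Light's own tooling. The function names install_pubkey and mode_of and their arguments are hypothetical; the script is run on the system you log in to.

```shell
#!/bin/sh
# Added example (not Blue Light's own script). install_pubkey and mode_of
# are hypothetical helper names.
#
# Usage on the system you log in to:
#   install_pubkey id_ed25519.pub "$HOME/.ssh"             # ordinary user
#   install_pubkey backup.pub /root/.ssh authorized_keys2  # extra root key

# Print the nine permission characters of a file, e.g. rw-------
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# install_pubkey PUBKEY_FILE SSH_DIR [FILE_NAME]
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    target="$ssh_dir/${3:-authorized_keys}"

    # Only the public half belongs on the server; reject a private key file.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key_line in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "refusing: $pubkey_file is not an OpenSSH public key" >&2
           return 2 ;;
    esac

    # Create the directory and file readable and writable by the user only.
    ( umask 077
      mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" &&
      { [ -e "$target" ] || : > "$target"; } && chmod 600 "$target"
    ) || return 1

    # Already present: leave the file untouched so reruns are harmless.
    if grep -qxF -- "$key_line" "$target"; then
        return 0
    fi
    # Keep one key per line even if the file lacks a trailing newline.
    if [ -s "$target" ] && [ -n "$(tail -c 1 "$target")" ]; then
        printf '\n' >> "$target"
    fi
    printf '%s\n' "$key_line" >> "$target"
}
```

Running mode_of on the resulting file should print rw-------, the permissions step 2 asks for.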

...

An example showing user names:

master c@CW8:~$ ag work
1) uma='ssh root@ac002.workcom.av'
2) valli='ssh root@ac001.workcom.av'
#?

Where necessary the aliases hop via an intermediate host (Blue Light policy is to configure Internet-exposed servers to accept root logon only from specific addresses):

c@CW8:~$ ag hot
1) rad='ssh -A -t root@blav.bluelightav.org ssh root@hotspot.bluelightav.org'
#?

An example showing a hosting service provider name:

c@CW8:~$ ag online
1) online.net='ssh -A root@sd-44498.dedibox.fr'
2) online.net.backup='ssh -p 2222 root@sd-44498.dedibox.fr'
#?

...

If an identity_file has been added, is its corresponding public key in the server's ~/.ssh/authorized_keys file for the user you are trying to log in as?

If there is a firewall on either ssh client or server, does it allow port 22 as required?

If the above checklist has not identified the problem, generate more information by:

...