Securely Log In to Another Machine Without a Password


ssh

The name of this section might appear to be a misnomer, but it's entirely possible to log in to a machine via ssh without providing a password. If you log in every day to a particular computer (and there are some boxes that I might log in to several times a day), the techniques in this section will make you very happy.

Let's say you want to make it possible to log in to eliot (username: tom) from pound (username: ezra) without requiring that you type a password. To start with, create an ssh authentication key on pound using the following command:

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/ezra/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ezra/.ssh/id_dsa.
Your public key has been saved in /home/ezra/.ssh/id_dsa.pub.
The key fingerprint is:
30:a4:a7:31:27:d1:61:82:e7:66:ae:ed:6b:96:3c:24 ezra@pound


Accept the default location in which to save the key by pressing Enter, and leave the passphrase field blank as well by pressing Enter twice when asked. You just created a private key at ~/.ssh/id_dsa and a public key at ~/.ssh/id_dsa.pub.

Now you need to transfer the public key (not the private key!) from pound to eliot. The developers behind ssh are way ahead of you, and have created a program that makes this as easy as falling off a log. To automatically copy your public key from pound to eliot, just enter the following on pound:

$ ssh-copy-id -i ~/.ssh/id_dsa.pub tom@192.168.0.25 


Now try logging into the machine, with ssh 'tom@192.168.0.25', and check in .ssh/authorized_keys to make sure you haven't added extra keys that you weren't expecting.

You're done (although if you want to follow the advice given by ssh-copy-id, go right ahead). Watch what happens when you use the ssh command from pound to eliot now:

$ ssh tom@192.168.0.25
Linux eliot 2.6.12-10-386 #1 Mon Jan 16 17:18:08 UTC 2006 i686 GNU/Linux
Last login: Mon Feb 6 22:40:31 2006 from 192.168.0.15


Notice that you weren't asked to enter a password, which is exactly what you wanted.
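To follow ssh-copy-id's advice about checking .ssh/authorized_keys on eliot, here is an added example (not from the book) that parses the file, computes each key's fingerprint, and flags any key that is not in the set you meant to authorize. The key blobs, the unknown@host entry and the flag names are constructed for illustration; the script also flags ssh-dss keys, which OpenSSH has disabled by default since version 7.0.

```python
import base64, hashlib, re, struct
# [options] keytype base64-blob [comment]; options may be absent.
KEY_RE = re.compile(r"(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)"
                    r"\s+([A-Za-z0-9+/=]+)(?:\s+(.*))?$")

def fingerprints(blob):
    """MD5 colon-hex (the style ssh-keygen printed above) and SHA256 forms."""
    h = hashlib.md5(blob).hexdigest()
    md5 = ":".join(h[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def audit(text, expected):
    """Return (line_no, type, comment, md5, sha256, flags) per key line.
    `expected` is the set of SHA256 fingerprints you meant to authorize."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        try:
            blob = base64.b64decode(m.group(2), validate=True)
        except (AttributeError, ValueError):   # no key found, or bad base64
            out.append((n, None, "", "", "", ["unparseable"]))
            continue
        ktype, comment = m.group(1), m.group(3) or ""
        md5, sha = fingerprints(blob)
        flags = []
        if not blob.startswith(struct.pack(">I", len(ktype)) + ktype.encode()):
            flags.append("type-mismatch")   # blob does not carry the type it claims
        if sha not in expected:
            flags.append("unexpected")      # a key you did not put there
        if ktype == "ssh-dss":
            flags.append("legacy-dsa")      # off by default since OpenSSH 7.0
        out.append((n, ktype, comment, md5, sha, flags))
    return out

def _line(ktype, seed, comment, opts=""):
    # Constructed stand-in blob (type header + hash bytes), not a usable key.
    blob = struct.pack(">I", len(ktype)) + ktype.encode() + hashlib.sha256(seed).digest()
    return blob, f"{opts}{ktype} {base64.b64encode(blob).decode()} {comment}"
EZRA_BLOB, EZRA_LINE = _line("ssh-dss", b"ezra", "ezra@pound")
_, EXTRA_LINE = _line("ssh-ed25519", b"extra", "unknown@host", 'from="192.168.0.15" ')
SAMPLE = "\n".join(["# constructed authorized_keys for tom on eliot", EZRA_LINE, EXTRA_LINE])
EXPECTED = {fingerprints(EZRA_BLOB)[1]}
if __name__ == "__main__":
    for n, ktype, comment, md5, sha, flags in audit(SAMPLE, EXPECTED):
        print(n, ktype, comment, md5, ", ".join(flags) or "ok")
```

To audit a real account, pass the contents of ~/.ssh/authorized_keys as `text` and fill `expected` with the fingerprints of the public keys you installed yourself.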

Some of you are wondering about the security of this trick. No passwords? Freely exchanging keys? It's true, but think about it for a moment. True, if someone gets on pound, he can now connect to eliot without a password. But that simply means that you need to practice good security on pound. If pound is compromised, you have enormous problems whether or not the attacker realizes that he can also get to eliot. On top of that, you shoot passwords around the Internet all the time. If an attacker acquires your password, he can do major damage as well. Isn't your private key as important as a password? And aren't you going to back it up and safeguard it? When you think about it in those terms, exchanging keys via ssh is at least as secure as passwords, and in most ways much more secure.

Nonetheless, if you prefer to keep using passwords, that's certainly your prerogative. That's what open source and Linux are all about: choice.



Linux Phrasebook
ISBN: 0672328380
EAN: 2147483647
Year: 2007
Pages: 288
