Quickly Configuring SSH / SFTP for Passwordless Authentication

SSH can be quickly configured to authenticate users with keys rather than passwords, provided the server is set up to allow public-key authentication. The process consists of exporting a user's public key from the client host and installing it in the profile of the same user on the target machine. If your client user doesn't have a public key, let's begin by creating one:

For example, let's use a sandbox VM. Log in as your client user, in this case "vassox," run ssh-keygen to create the key pair, and accept the defaults when prompted. Note that accepting the default at the passphrase prompt leaves the private key unencrypted on disk.

[vassox@tank /]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vassox/.ssh/id_rsa):
Created directory '/home/vassox/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vassox/.ssh/id_rsa.
Your public key has been saved in /home/vassox/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bx5LZu5Mo+vWUuyWhenjrLahBEH5fzFtFYZgphyCXqg vassox@tank
The key's randomart image is:
+---[RSA 2048]----+
| .+. . +. .o. |
| .+ .o = ... |
| o.o o . . |
| E ... o o |
| . .S. * |
| . ..* . |
| . .*Xo |
| . .+&B+ |
| .+*OO. |
+----[SHA256]-----+
[vassox@tank /]$

Now if we navigate to the home directory (cd ~), you will notice a new .ssh directory with the following content:

[vassox@tank .ssh]$ ls -alrt
total 8
drwx------. 6 vassox vassox 119 Feb 18 14:51 ..
-rw-------. 1 vassox vassox 1675 Feb 18 14:51 id_rsa
drwx------. 2 vassox vassox 38 Feb 18 14:51 .
-rw-r--r--. 1 vassox vassox 393 Feb 18 14:51 id_rsa.pub

We have now successfully generated a set of private and public keys – let’s retrieve the public key and install it on our target host.  First cat id_rsa.pub:

[vassox@tank .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+fsiIPYc5LAlBTrxom0b88s3rW5VwWsE3/L5F+nqCK7+uISr3gP0AWKxBJQY+VC4xx7VAPFQFHWFd39rlqNrecl2E9suJRjrGZduxsaw1F2IeBpjS5Bp/vkcAXMfbn0nffSWJAB2UKBCyXRsEW716nCwVhpc2sax1ELMxNy5fLflqdONYyMatMpFIfxV0z14krqx91p6hXUCDtadnqNw1O8i3Vtt3rxeU4JxPqLthz7N+RFhzIuKgrfos8gInw3BMQkQ0NHmDvVb5Bc3i80ylPP/1Q3b3QV/YlhqXUlPZYZLpaFosbN8Ol00i3NvygyNj48VJz4qnK+Brre06GBT vassox@tank

Switch over to the target (host) machine with which you would like to establish a passwordless link and navigate to the .ssh directory in your user's home directory. Open or create the authorized_keys file by invoking vi authorized_keys and insert the public key we exported in the previous step:

[vassox@nuuk .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7+fsiIPYc5LAlBTrxom0b88s3rW5VwWsE3/L5F+nqCK7+uISr3gP0AWKxBJQY+VC4xx7VAPFQFHWFd39rlqNrecl2E9suJRjrGZduxsaw1F2IeBpjS5Bp/vkcAXMfbn0nffSWJAB2UKBCyXRsEW716nCwVhpc2sax1ELMxNy5fLflqdONYyMatMpFIfxV0z14krqx91p6hXUCDtadnqNw1O8i3Vtt3rxeU4JxPqLthz7N+RFhzIuKgrfos8gInw3BMQkQ0NHmDvVb5Bc3i80ylPP/1Q3b3QV/YlhqXUlPZYZLpaFosbN8Ol00i3NvygyNj48VJz4qnK+Brre06GBT vassox@tank

Now you should be able to ssh or sftp without a password from your client to the target host.
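The authorized_keys step above, scripted as an added example that is not part of the original post: it appends the key only once and leaves the permissions sshd expects. The function names install_pubkey and perms_ok are hypothetical helpers, not OpenSSH tools, and the arguments are a public key file and the target user's home directory.

```bash
# Added example (not from the original post); helper names are hypothetical.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key to HOME_DIR/.ssh/authorized_keys unless it is already present.
install_pubkey() {
    local pub="$1" home="$2" key
    # Guard against installing the private half by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # Expect exactly one non-empty line: <type> <base64 blob> [comment]
    if [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "expected exactly one key line in $pub" >&2
        return 1
    fi
    key=$(grep . "$pub")
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'; then
        echo "not an OpenSSH public key line" >&2
        return 1
    fi
    (
        umask 077    # anything created here is owner-only
        mkdir -p "$home/.ssh" &&
        touch "$home/.ssh/authorized_keys" &&
        chmod 700 "$home/.ssh" &&
        chmod 600 "$home/.ssh/authorized_keys" || exit 1
        # -x whole line, -F fixed string: append only if this exact key is absent
        grep -qxF "$key" "$home/.ssh/authorized_keys" ||
            printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    )
}

# perms_ok HOME_DIR
# Returns 0 when neither .ssh nor authorized_keys is group- or world-writable.
# This is part of what sshd's StrictModes option (on by default) checks before
# it trusts authorized_keys; a failed check makes sshd ignore the key.
perms_ok() {
    local p
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || return 1
        [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 1
    done
}
```

On the target host this would be called as install_pubkey id_rsa.pub "$HOME" followed by perms_ok "$HOME"; if key login still prompts for a password, the permissions check is the first thing to rerun.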

Lima

About the author

Lima is the visual nautical indicator for "stop instantly."