This article shows you how to setup ssh using password-free access to a remote server. This can be used in the senario that you want your program to securely copy files from local machine to the remote server. Public key authenticate can prevent brute force SSH attacks, but only if all password-based authentication methods are disabled. First, we need to confirm that OpenSSH is the SSH software installed on the client system. Run
firedog@local$ ssh -V
from shell, and the output should be similar to this:
OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
A RSA key pair must be generated on the client system. The public portion of this key pair will reside on the servers being connected to, while the private portion needs to remain on a secure local area of the client system, by default in ~/.ssh/id_rsa. The key generation can be done with the ssh-keygen utility.
firedog@local$ mkdir ~/.ssh
firedog@local$ chmod 600 ~/.ssh
firedog@local$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
Enter passphrase (empty for no passphrase): …
Enter same passphrase again: …
Leave the passphrase blank by hitting enter twice, remember, we want our program to login into the remote system automatically. The key file should be restricted to be accessed by you only by giving 600 permission. OpenSSH may also refuse the support public key authentication if the key file is open to other users.
$firedog@local$ chmod -R 600 ~/.ssh/*
The public portion of the RSA key pair must be copied to any servers that will be accessed by the client. The public key information to be copied should be located in the ~/.ssh/id_rsa.pub file on the client.
# now upload the key file to the remote server
firedog@local$ scp -P  ~/.ssh/id_rsa.pub @server.com:
# next, copy file to the right directory
firedog@www$ mkdir ~/.ssh
firedog@www$ chmod 600 ~/.ssh
firedog@www$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
firedog@www$ chmod 600 ~/.ssh/authorized_keys
firedog@www$ rm ~/id_rsa.pub
Be sure to append new public key data to the authorized_keys file, as multiple public keys may be in use. Each public key entry must be on a different line. Now you can login to the remote server without a password:
firedog@local$ ssh -P  -o PreferredAuthentications=publickey @server.com

firedog@www$

Leave a Reply

Your email address will not be published. Required fields are marked *