HomeSSH login without password using OS X

Reply to comment

SSH login without password using OS X

Tue, 01/19/2010 - 21:42 — webmaster
OpenSSH

Tired of typing passwords to SSH servers you often access? Well get used to it then this give you the highest level of security out there, BUT it have a tendency be boring and also prevent you from running scripts that automagicly move content between your computer and server. The good news it that there is a simple solution to this but first some background history.

To be able to login to a SSH server the server must have a copy of your public key but the key is normally signed by a passphrase so to use it you have to type the passphrase so this is not really solving anything is it? But there is solutions to this.

Option 1

The most daring users create a public keyfile without a passphrase to get around this. This has a tendency to be a security problem if some should be able to get access to your private keyfile.

Option 2

The second way of soving this is more secure then you create your keys with a passphrase and use a program (ssh-agent) to take care of the authentication. This solution work quite good but has some serous drawbacks. You need to have your shell environment set up correctly and only application with the correct environment setup can use this solution. This forked a lot of utilities on OS X that enabled you to use the native keychain application that is a part of the OS for storing your passphrase.

In Leopard (10.5) Apple finally introduced native support for using keychange in terminal by this rendered most of those utilities obsolete.

Setting it up

Since OS X now has native support for passphrases to settings this up could not be any easier.

Create the keys:
Start up Terminal and type:
ssh-keygen -t rsa
ssh-keygen will ask you where to place the keys, normally in ~/.ssh/id_rsa just press enter default is just fine.
ssh-keygen ask you to enter a passphrase, use something secure here!

Copy the public key to your SSH server
You now need to copy your public key to the SSH server(s) you want to auto login to. Do it any way you like, I normally do:
scp ~/.ssh/id_rsa.pub example.com:~/.ssh/authorized_keys

If your account already has a authorized_keys file then you need to be more careful not to overwrite this file by doing something like:
cat ~/.ssh/id_rsa.pub | ssh example.com "cat - >> ~/.ssh/authorized_keys"

You might consider restricting file access to the file authorized_keys on the SSH server. chmod 0600 ~/.ssh/authorized_keys
Now you should be all set. The first time you ssh to the server keychain will prompt you for the keyphrase.

Screen shot 2010-01-19 at 14.41.41.png

After this step is complete you will never need to type you password again and security is still preserved.

Reply

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <h2> <h3> <h4> <embed>
  • Lines and paragraphs break automatically.

More information about formatting options