This article shows you how to setup ssh using password-free access to a remote server. This can be used in the senario that you want your program to securely copy files from local machine to the remote server. Public key authenticate can prevent brute force SSH attacks, but only if all password-based authentication methods are disabled. First, we need to confirm that OpenSSH is the SSH software installed on the client system. Run
[email protected]$ ssh -V
from shell, and the output should be similar to this:
OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
A RSA key pair must be generated on the client system. The public portion of this key pair will reside on the servers being connected to, while the private portion needs to remain on a secure local area of the client system, by default in ~/.ssh/id_rsa. The key generation can be done with the ssh-keygen utility.
[email protected]$ mkdir ~/.ssh
[email protected]$ chmod 600 ~/.ssh
[email protected]$ ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
Enter passphrase (empty for no passphrase): …
Enter same passphrase again: …
Leave the passphrase blank by hitting enter twice, remember, we want our program to login into the remote system automatically. The key file should be restricted to be accessed by you only by giving 600 permission. OpenSSH may also refuse the support public key authentication if the key file is open to other users.
[email protected]$ chmod -R 600 ~/.ssh/*
The public portion of the RSA key pair must be copied to any servers that will be accessed by the client. The public key information to be copied should be located in the ~/.ssh/id_rsa.pub file on the client.
# now upload the key file to the remote server
[email protected]$ scp -P  ~/.ssh/id_rsa.pub @server.com:
# next, copy file to the right directory
[email protected]$ mkdir ~/.ssh
[email protected]$ chmod 600 ~/.ssh
[email protected]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
[email protected]$ chmod 600 ~/.ssh/authorized_keys
[email protected]$ rm ~/id_rsa.pub
Be sure to append new public key data to the authorized_keys file, as multiple public keys may be in use. Each public key entry must be on a different line. Now you can login to the remote server without a password:
[email protected]$ ssh -P  -o PreferredAuthentications=publickey @server.com

[email protected]$

Leave a Reply

Your email address will not be published. Required fields are marked *