Easy Passwordless SSH

Short version: here is a script to automate key exchanges. Usage: “key_exchange user1@host1 user2@host2…”

Long version: SSH – the easiest way to log on to another computer remotely.  Possibly the most common, and certainly the default, method of authentication when logging into a remote machine is by password.  For example,

> ssh username@earth.the.world

is greeted with

username@earth.the.world’s password:

Which is all well and good, but if one logs into a remote machine frequently it’s nice to have the magic just happen.  This can be accomplished by what is known as a key exchange.  If I am username@mars and I want to log in to username@earth, I simply add my key to the list of keys that have permission to log in on earth, and the next time I end up bypassing the check-in desk at the interplanetary airport.  So how can I make this key, you ask?  Usually there are a few steps.  First, generate a key with a blank password (this means that you don’t have to enter a password to use the key).  The alternative is to have a password on the key, which means that you still get asked for a password; it’s just now the one on the key, as opposed to the password for the user.  Try not to think about that too much; the important thing is to make a key with a blank password.

So we’d like to make a key: “> ssh-keygen”, inventively named, as all things Linux (I’m being sarcastic if you missed it).  This will prompt for where to save the key and for a password.  We like the defaults for everything, so just hit enter three times (once to accept the default location, once for the blank password, and once to confirm your blank password).  Note we’re making a key on mars, and we’re later going to move that key to the list of authorized keys on earth.

You’ll be met with something like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
fc:8e:4e:20:7a:73:74:b6:86:c0:58:5c:77:ab:34:c5 username@mars
The key's randomart image is:
+--[ RSA 2048]----+
|      . ..o      |
|   . . . oE.     |
|    o   o .      |
|   +   o o       |
|  . + o S        |
|   . + = o       |
|  . o o + .      |
|   . o o o       |
|       .o .      |
+-----------------+

So we now have a key (actually a key pair, consisting of a public key and a private key, or id_rsa.pub and id_rsa) in ~/.ssh.  Now we need to move the public key to earth and put it in the list of authorized keys.  We can do that the old way: “scp ~/.ssh/id_rsa.pub username@earth.the.world:~” then “ssh username@earth.the.world 'mkdir .ssh; cd .ssh; cp ../id_rsa.pub mars_key.pub; cat mars_key.pub >> authorized_keys'”.  This way copies the file over with scp, then puts the key in the list of authorized keys (using >> so as to add to what may be there already).

The alternative (download here):

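#!/usr/bin/perl
use strict;
use warnings;

my $localhost=`hostname`;
chomp($localhost);
print "host = $localhost\n";

my $user = `whoami`;
chomp($user);
print "user = $user\n";

my $home = $ENV{HOME};

# Make the key pair (empty passphrase) if this machine has none yet.
if (! -e "$home/.ssh/id_rsa.pub")
{
 system('ssh-keygen', '-t', 'rsa', '-q', '-N', '', '-f', "$home/.ssh/id_rsa");
}

# List-form system() keeps the local shell from interpreting the arguments.
foreach my $remotehost (@ARGV)
{
 # Copy the public key over (first password prompt).
 system('scp', "$home/.ssh/id_rsa.pub", "$remotehost:~/.ssh/$localhost.pub");
 # Drop any old entry for this user@host, then append the new key (second password prompt).
 system('ssh', $remotehost, "cd ~/.ssh; cat authorized_keys|grep -v $user\@$localhost >> authorized_keys.clean; rm authorized_keys; mv authorized_keys.clean authorized_keys; cat $localhost.pub >> authorized_keys;");
}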

This does pretty much the same thing, except it’s all automated.  One needs only type “key_exchange username@earth.the.world” and, if you’re on mars, it checks whether mars’s keys exist; if they don’t, it makes them.  Then it copies the key to earth and puts it in the proper place.  You do need to type in the password on earth twice (corresponding to the scp and the ssh commands).  It can even do multiple key exchanges at once, i.e. “key_exchange username@earth.the.world useronsaturn@saturn.big.planet useronmercury@mercury.fast.one” and so on.  If you don’t know what to do with the script, put it in a file named key_exchange, then “chmod +x key_exchange” and you’re good to go.
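The step that runs on earth (in both the manual commands and the script) can be written so that it copes with a missing .ssh directory, sets the permissions sshd expects, and replaces only the exact user@host entry. The following is an added example, not part of the original script; the function name install_key, its arguments and the key blobs in the demo are constructed for illustration, and it works on any directory so it can be tried offline.

```shell
#!/bin/sh
# install_key PUBKEY_FILE SSH_DIR: add one public key to SSH_DIR/authorized_keys,
# replacing any earlier key that carries the same user@host comment.
# (Function and argument names are this example's own.)
install_key() {
    pubkey_file=$1
    ssh_dir=$2
    auth=$ssh_dir/authorized_keys
    [ -r "$pubkey_file" ] || return 1

    # A public key line is "type base64-blob comment"; ssh-keygen's default
    # comment is user@host, which is what the page's script filters on.
    read -r ktype blob comment < "$pubkey_file" || true
    [ -n "$ktype" ] && [ -n "$blob" ] && [ -n "$comment" ] || return 1

    # Create the directory if it is missing. sshd's StrictModes check refuses
    # key files and directories that other users can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth" ] || : > "$auth"

    # Build the new list in a temp file and rename it into place, so a failure
    # midway never leaves a half-written authorized_keys behind.
    tmp=$(mktemp "$ssh_dir/authorized_keys.XXXXXX") || return 1
    # Keep lines whose last field is not exactly our comment. "grep -v user@host"
    # is a substring match and would also drop bigusername@mars or username@mars2.
    awk -v c="$comment" '$NF != c' "$auth" > "$tmp" &&
        printf '%s %s %s\n' "$ktype" "$blob" "$comment" >> "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$auth" || { rm -f "$tmp"; return 1; }
}

# Constructed demo: fake key blobs, a scratch directory with no .ssh yet.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ssh-rsa AAAAconstructedOLD username@mars\n' > "$d/old.pub"
    printf 'ssh-rsa AAAAconstructedOTHER bigusername@mars\n' > "$d/other.pub"
    printf 'ssh-rsa AAAAconstructedNEW username@mars\n' > "$d/new.pub"
    install_key "$d/old.pub" "$d/.ssh" &&
        install_key "$d/other.pub" "$d/.ssh" &&
        install_key "$d/new.pub" "$d/.ssh" &&
        cat "$d/.ssh/authorized_keys"
    rm -rf "$d"
}
demo
```

OpenSSH also ships ssh-copy-id, which performs this install for you.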


One Response to “Easy Passwordless SSH”

  1. Joseph Says:

    Script might not work out exactly as planned if you don’t already have a .ssh directory on both machines. If anyone tries that and has issues leave a comment (the errors it spits out would be helpful) and I’ll fix it.

