Easy Passwordless SSH

Short version: here is a script to automate key exchanges. usage: “key_exchange user1@host1 user2@host2…”

Long version: SSH – the easiest way to log on to another computer remotely.  Possibly the most common, and certainly the default, method of authentication when logging into a remote machine is by password.  i.e.

> ssh username@earth.the.world

is greeted with

username@earth.the.world’s password:

Which is all well and good, but if one logs into a remote machine frequently it’s nice to have the magic just happen.  This can be accomplished by what is known as a key exchange.  If I am username@mars and I want to login to username@earth, I simply add my key to a list of keys which have permission to login on earth and the next time I end up bypassing the checkin desk at the interplanetary airport.  So how can I make this key you ask?  usually there are a few steps, first generate a key with a blank password (this means the you don’t have to enter a password to use the key), the alternative is to have a password on the key, which means that you still get asked for a password, it’s just now the one in the key, as opposed to the password for the user.  Try not to think about that too much, the important thing is to make a password with a blank key.

So we’d like to make a key: “> ssh-keygen” inventively named, as all things linux (I’m being sarcastic if you missed it).  This will prompt for where to save the key and a password, we like the defaults for everything, so just hit enter three times (one to accept default location, one for blank password one, one for confirmation of your blank password).  Note we’re making a key on mars, and we’re later going to move that key to the list of authorized keys on earth.

You’ll be met with something like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
fc:8e:4e:20:7a:73:74:b6:86:c0:58:5c:77:ab:34:c5 username@mars
The key's randomart image is:
+--[ RSA 2048]----+
|      . ..o      |
|   . . . oE.     |
|    o   o .      |
|   +   o o       |
|  . + o S        |
|   . + = o       |
|  . o o + .      |
|   . o o o       |
|       .o .      |
+-----------------+

So we now have a key (actually a key pair, consisting of a public key and a private key, or id_pub.rsa and id.rsa) in ~/.ssh.  Now we need to move that key to earth and put it in a list of authorized keys. We can do that the old way “scp ~/.ssh/id_rsa.pub username@earth.the.world:~” then “ssh username@earth.the.world “mkdir .ssh; cd .ssh; cp ../id_rsa.pub mars_key.pub; cat mar_key.pub >> authorized_keys”.  This way is copying the file over scp, then putting the key in the list of authorized keys (using >> so as to add to what may be there already).

The alternative (download here):

#!/usr/bin/perl

my $localhost=`hostname`;
chomp($localhost);
print "host = $localhost\n";

my $user = `whoami`;
chomp($user);
print "user = $user\n";

if (! -e "/home/$user/.ssh/id_rsa.pub")
{
 `ssh-keygen -t rsa -q -N "" -f ~/.ssh/id_rsa`;#make the key
}

foreach $argnum (0 .. $#ARGV)
{
 my $remotehost = $ARGV[$argnum];
 `scp ~/.ssh/id_rsa.pub $remotehost:~/.ssh/$hostname.pub`;
 `ssh $remotehost "cd ~/.ssh; cat authorized_keys|grep -v $user\@$localhost >> authorized_keys.clean; rm authorized_keys; mv authorized_keys.clean authorized_keys; cat $hostname.pub >> authorized_keys;"`;
}

This does pretty much the same thing, except it’s all automated.  One needs only type “key_exchange username@earth.the.world” and if you’re on mars it checks if mar’s keys exist, if they don’t it makes them, then it copies the key to earth and puts it in the proper place.  You do need to type in the password on earth twice (corresponding to the scp and the ssh command).  It can even do multiple key exchanges at once, i.e. “key-exchange username@earth.the.world useronsaturn@saturn.big.planet useronmercury@mercury.fast.one” and so on.  If you don’t know what to do with the script, put it in a file named key_exchange, then “chmod +x key_exchange” and you’re good to go.

Posted in Tech. Tags: , , . 1 Comment »

Starting Deluge through SSH

I had some trouble starting an instance of deluge on a remote machine and directing the x output of deluge to that remote machine.  My solution:

export DISPLAY=:0.0 && deluge

As a sidenote combining deluge with an rss feed makes it more or less into a very clever dvr.  I recommend flexrss, which is installable as a plugin to deluge.