Authentication without password with SSH and rsync

Thursday, 12 August 2010

There are a lot of articles on this issue. I'm writing this as a note to self, as I often tend to forget how to setup SSH authentication without password upon reinstalling the OS or changing SSH keys.

 

 

This article is about using SSH without providing a password to login. This method is still secure, but instead of passwords the system provides a SSH key file from your home directory, or a key file you provide through command line arguments. This is useful when you need to login frequently to remote servers(using PuTTY or Cygwin from a Windows OS, or the native SSH client found on Unix/Linux systems).

Using a non-interactive SSH login is especially useful when automating jobs, like issuing commands on remote machines from a central control machine. One such example is backing up your remote data over a secure connection,(differential/incremental file copy and compressed transfers are possible) using rsync .

Client Setup

First you need to generate some ssh keys to work with. The keys are text files located in your /home/user/.ssh (if you're on Linux) or in c:\cygwin\home\user\.ssh (if you're on Windows)[1]. Note there is a dot in '.ssh'  directory name. I'm using both Cygwin and PuTTY. I First I'd like to be able login without password from Cygwin, so i type in a Cygwin console:

ssh-keygen -t rsa

This commands works in Linux as well, since Cygwin is a (partial)Linux port on Windows.

If the script asks for a password, hit Enter, this will disable the password. The command will create a pair of files (by default in your [1] profile '.ssh' subfolder).

Tip: If you mangle with the keys, by copying them from another place, editing, or restoring a backup, you need to make sure key file permissions are restrictive enough beacuse SSH enforces this for security reasons. ssh-keygen takes care of this, but if you manually alter the keys it's a good idea to check permissions

 ls -alh ~/.ssh
chmod 0600 ~/.ssh/id_rsa 
chmod 0600 ~/.ssh/id_rsa.pub

PuTTY needs a special key format, so you need to download PuTTYgen to convert your key so Putty can authenticate using it. PuTTYGen will generate a 'keyname.ppk' which can be used with PuTTY.

Server(remote) setup

 

 The server needs to know about you in order to accept public-key authentication(instead of password authentication). So the server needs to know your public key. This is why an authorized_keys file exists in the server user profile [1] /.ssh folder. You need to paste your CLIENT id_rsa.pub contents into this REMOTE authorized_keys file. The file may contain several keys, just make sure you paste each key on a new line.

We're all set!

now fire up a Cygwin console or a Linux terminal from the client and  type:

ssh user@remote_host -v

(The user must exist on the remote_host, obviously)

If this ids your first login, ssh will ask you if you verified the remote host signature and want to add it to known hosts. Answer yes, and this is it. The -v parameter allows you to see some debugging output, in case things go not so smooth. If everything is well, you will be authenticated without entering a password

Running SSH remote commands

This is as simple as:

ssh user@remote 'ls -al'

Note that the remote command is enclosed in single quotemarks

Rsync: synchronizing remote folders with a local machine

Of course, the rsync manpage is your friend. Before you read it, here's a simple way to pull  an entire folder:

rsync -va user@remoteserver:/home/user/* /home/backup/user  

The syntax is rsync [options] source destination. Note the source format: user@server followed by colon, then the absolute path on remote server.

If you switch source and destination paths, you'll be performing a push, i.e. upload from your local folder to the remote folder.

Good luck!



Give us some social love (it really works now)!

Reddit! Del.icio.us! StumbleUpon! Yahoo! Swik!



Be first to comment this article
RSS comments

Write Comment
  • Please keep the topic of messages relevant to the subject of the article.
  • Please don't use comments to plug your web site. Links are rel='nofollow'-ed
  • Please refresh the page if you're having trouble with the security image code
Name:
E-mail
Homepage
Title:
Comment:

:) :grin ;) 8) :p
:roll :eek :upset :zzz :sigh
:? :cry :( :x
Code:* Code

Last Updated ( Sunday, 15 August 2010 )
 

Europe freelancer directory

Newsletter

Subscribe to TeachMeJoomla's newsletter
Name:
Email:


Auto tags

rsync without password

rsync password

rsync authentication

rsync no password

rsync ssh password

rsync ssh without password

rsync with no password prompt

rsync without password prompt

rsync ssh no password

authenticated rsync

ssh authentication without password

rsync key authentication

ssh without authentication

rsync with password

rsync auth

cygwin ssh without password

rsync without ssh

rsync password ssh

rsync aix password

rsync ssh password file

rsync ssh ppk

rsync ssh public key authentication