Password-less Logins with OpenSSH, scp, and rsync

UPDATE: I changed ‘>’ (erase file, then write to file) to ‘>>’ (append to file). This avoids you overwriting your, or other peoples’, public keys.

Setting up password-less logins is both dangerous, and mighty. It allows one to authenticate to an OpenSSH server without typing in a password. Authentication is gained via knowledge of a private key.

Generate a Public/Private Key Pair

$> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/felipe/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <ENTER>
Enter same passphrase again: <ENTER>
Your identification has been saved in /home/felipe/.ssh/id_rsa.
Your public key has been saved in /home/felipe/.ssh/
The key fingerprint is:
d7:79:c3:01:ce:90:71:a2:a2:3d:83:26:fb:9a:1f:5b felipe@linux.local

You will then find two files inside your directory. Keep them safe, secure, and secret. The public key (the one with .pub at the end) can be widely disemmindated. It represents the antonym of secrecy and privacy. The private key, however, must remain private and secret at all times.

Copy the PUBLIC key to a remote OpenSSH server

You must copy your public key to a remote host. The host will verify that you own the private key by encrypting a “challenge” and forcing your ssh client to decrypt it. If successful, you are authenticated, and admitted entrance. A password isn’t required.

$> cat /home/felipe/.ssh/ | ssh \
"cat - >> .ssh/authorized_keys"'s password: <PASSWORD>

This copies your public key the authorized_keys file (NB: authorized_keys2 is deprecated and no longer recommended for use. OpenSSH checks both).

Testing Phase

‘logout’ or ‘exit’ and try:

$> ssh

It should not ask you for a password. You should automatically be logged into the remote system.

Works with scp and rsync too!

‘scp’ and ‘rsync’ both use a ssh client at the backend, and so will also authenticate automatically utilising your public and private key pair. Try:

$> scp file_a

This should transfer without pausing to ask for your password. Likewise try:

$> rsync -r /backups/2010/Jan

This should backup your entire directory to without pausing to ask for a password. You can put a line similar to this one in a shell script, and run it with cron once a week or so. It will automatically backup your system, using OpenSSH, and proven secure and safe method for authentication of human and machines across an untrusted public network, away from curious eyes.

3 Replies to “Password-less Logins with OpenSSH, scp, and rsync”

  1. TashJanuary 30, 2010 at 9:25 pm

    Back to public and private key 😛 I forgot everything… wish I could make use of what I learn like u…. this will prove useful to me in future 😛 thanks….
    “A candle loses nothing by lighting another candle. James Keller” Thanks for sharing

  2. adminFebruary 2, 2010 at 8:16 am

    Wow! You find my posting. Were you just curious about me and wanted to take a look? I smiled when I read it. I’ll be leaving on Sunday (will be Monday in Brissy) and then I land on the 10th – looking forward to meeting up.
    I don’t think you’ll have much use for OpenSSH anytime soon, what do you think?

  3. TashFebruary 2, 2010 at 9:11 pm

    I visit your blog every time…if someone pays you for my hit on ur blog, u would be millionaire by now 😛 kidding… but I do check when ever I get time.. good to hear that u ll be soon in brissy… looking forward it..:)

    I don’t know if it will be useful soon but we never know what we need at same might prove useful… keep posting…
    cya real soon

Leave a Comment