How do I passwordless ssh?

Share

Tweet

Share

Share

Email

Comments

Here is how to configure ssh to connect to any server or desktop running ssh without a password:

ssh-keygen -t
# accept the default filename and choose a password
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys2
# [Also copy authorized_keys and authorized_keys2 to ~/.ssh on machines that don’t mount the same home directory]
chmod go-rwx ~/.ssh/*
ssh-add
# enter the password you chose before

It is possible to use a blank password, which is convenient. However, you shouldn’t. Assuming you do set a password you will need to run

ssh-add < /dev/null

Troubleshooting
It doesn’t work
ssh is very fussy about file permissions.

Did you do?

chmod go-rwx ~/.ssh/*

For ssh-add to work, ssh-agent needs to be set up and running. But on at least Debian/Ubuntu systems, that part is sorted out by default.

Remember that ssh -v gives very verbose debugging information.

If this is not what you wanted, you should change your default settings or use the -A option when sshing the first computer. This forwards a connection to your ssh-agent.
Now I have to type in my password twice?

On logging on you now have to type your login password and a password to unlock your keys to ssh-agent. Note that these passwords are for different things and can be different. Having a blank password on your keys is a bad idea, especially if you use NFS. I don’t know of a way to get the login program to pass a password onto ssh-agent (without a lot of hacking).
What’s the relationship between my login password and my ssh keys?

None. Your encrypted keys are stored separately from the hash of your login password; nothing forces your key and login passwords to be the same. If your account is compromised you need to change your password and your ssh keys. If you only change your password, your old ssh keys will still allow access to your account (and vice versa).