Simple SSH password-less logins

Intro:

If you have never generated an SSH key, or this is your first time, the first thing you should do is generate the SSH keys on your PC or workstation, and not on your servers (at least not on your servers yet). (Refer to the outro at the end of this post for a better explanation and examples.)
Many tutorials and how-tos I have seen online do not fully explain this, and some devs or users generate the keys on their servers and then try to connect to those servers from their PCs or workstations with no luck.
They then go down the rabbit hole of copying private keys and public keys all over the place until it eventually works, without fully understanding how the relationship between the public and private keys works.

Examples for Linux and macOS:

First generate your SSH key:
Open up a terminal or log into your terminal (depending on your Linux distro or whether you are running a GUI).
On Unity Desktop you can press the “CTRL + ALT + T” keys together on your keyboard to open a terminal window.
On macOS you can find your terminal app under Finder: go to Applications / Utilities / Terminal and click it. Or from Launchpad, click Other, then click on Terminal.
Once the terminal is open you can run:
ssh-keygen -t rsa -b 4096 -C "SideLink"
You can replace "SideLink" with your name or your email address; it serves as a reminder / description.
When asked “Enter file in which to save the key” you can just hit enter.
When asked for “Enter passphrase (empty for no passphrase):” you can just leave it blank for none.
(For our example we leave the passphrase out, which means the private key file is stored unencrypted on disk.)

The keys are stored in the .ssh/ folder of the profile you generated them under, i.e. if your user / profile is sidelink they will be in /home/sidelink/.ssh/ on Linux (in this example Ubuntu specifically).
On macOS, if the user / profile is sidelink, it will be /Users/sidelink/.ssh/
The file that contains your newly generated public key is id_rsa.pub and your private key is in id_rsa, so the full paths to the files will be /Users/sidelink/.ssh/id_rsa and /Users/sidelink/.ssh/id_rsa.pub

You can read your public key for manually copying and sharing like this:
cat /Users/sidelink/.ssh/id_rsa.pub

Example of what your public key may look like:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRMwwF0SBE4dTYGP0VzfGwHQ30DzwebG9WvMQYbptcdRnGdUWpBRyYmB97v58MNifgqsazhhefDmVzYRyHl5mk4c0mD+mki9lhwAXKiHblF2BGtyNDHuArDJskkDc3QHenmGm7qKSb4CUrMV0zH5SStm7A3NStraIvMWLvm1n+1VrGZtDAv27nNDkuVhkFfgEFgKpX8DNravBKrpRrfR42w6wFLSqrMxl6dYyRVI0vmUjXo7f6qVStIDyu5IsT/HwpqFomCieksWTxm+QsVec2lQRuoTEz0f9NEVyn1xB20u31j8iok9W1eQLxzKMDP8/O2g+geSyp4wFUiItETpbDOQuDOq+ssXmvr23rva80tPrWrpiQsue3F1InLv2uspJkBmUf/gnEiwddS2/XFPTEA6CK1mCaZR1mpPoIClGuJXnIDDHzggVsHXS9dk3/BbtWMJ1mEp3Ng/T/wf2HBCwwUrX29jUsTjY4Gbc42FC5WIBle7PhNJqOSiLufqPbuDo8uy/J9RSOraKNQ8X/O79ioFNhRPHkaY+h8bd5oQmCDJT32vhLR3tiFvBcwhwJoWkKOA4tCVwWymBvdpZVZnFw2iKBHd/GvCIH+mb8V8pU5UGUgGMke0/HBUqc4I23d4u5Vk+KHFBHatMO8JvmGN+u8X8tsC3piU2kofx5vrZSuQ== SideLink

!!! DO NOT EVER SHARE YOUR PRIVATE KEY/S WITH ANYONE, THEY ARE STORED IN THE id_rsa FILE, ONLY EVER SHARE YOUR PUBLIC KEYS IN i.e. id_rsa.pub !!!

Now copy your SSH public key to your host:
Assuming the username on your server is sidelink and your IP is 192.168.0.146 (change the IP to match your setup or network):
ssh-copy-id sidelink@SERVERNAMEORIP
i.e.
ssh-copy-id sidelink@192.168.0.146
(It will ask you for the password the first time.)

Now log into your server with ssh sidelink@SERVERNAMEORIP, i.e. ssh sidelink@192.168.0.146. If you set up a passphrase you will need to enter it first, and each time thereafter when you connect.

After connecting to your server / host you will find your public key in .ssh/authorized_keys in the user's home / profile folder. You can read it by running: cat ~/.ssh/authorized_keys. In this example, assuming your username / profile name is sidelink, the full path will be /home/sidelink/.ssh/authorized_keys

You now have password-less logins set up and can use this key for all your secure logins by copying the public key to your servers or even cloud services that support SSH keys.
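
An added example (not part of the original post): a small shell audit for the server side of the steps above, checking that your public key is in authorized_keys regardless of its trailing description and flagging any private key that ended up on the server. The function names and the sample key material are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. All sample data is constructed.
# Print "keytype base64blob" for each key line, dropping options and comments,
# so two copies of a key match even if their trailing descriptions differ.
key_material() {
  awk '/^[ \t]*(#|$)/ { next }
       { for (i = 1; i < NF; i++)
           if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { print $i, $(i + 1); break } }' "$1"
}

# Succeed if the public key in file $1 is listed in authorized_keys file $2.
is_authorized() {
  local want
  want=$(key_material "$1" | head -n 1)
  [ -n "$want" ] && key_material "$2" | grep -qxF -- "$want"
}

# Octal mode of a file (GNU stat first, then BSD/macOS stat).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Print findings for a server-side .ssh dir ($1) and a public key file ($2).
audit_ssh_dir() {
  local dir="$1" pub="$2" f
  if is_authorized "$pub" "$dir/authorized_keys"; then
    echo "OK public key is in authorized_keys"
  else
    echo "MISSING public key not in authorized_keys"
  fi
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || continue
    echo "PRIVATE-KEY ${f##*/} mode $(mode_of "$f")"
  done
}

# Constructed demo: the key was copied with a different comment, and a private
# key was wrongly copied to the server and left world-readable.
demo() {
  local d; d=$(mktemp -d)
  echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEY SideLink' > "$d/id_rsa.pub"
  mkdir "$d/.ssh"
  printf '%s\n' '# constructed file' \
    'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEY sidelink@workstation' > "$d/.ssh/authorized_keys"
  echo '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/.ssh/id_rsa"
  chmod 644 "$d/.ssh/id_rsa"
  audit_ssh_dir "$d/.ssh" "$d/id_rsa.pub"
  rm -rf "$d"
}
demo
```

On a real server you would call audit_ssh_dir with ~/.ssh and a copy of your id_rsa.pub instead of running demo.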

If you configured your server's SSH port to be something other than 22, i.e. 33223, you can pass the port with -p:
ssh-copy-id -p 33223 sidelink@SERVER
(We will post a how-to on changing your SSH server ports for a bit of extra “security and obscurity”: easily change your SSH server ports.)

Example for Windows 10:

On Windows enable the OpenSSH client.
Enable / download and install OpenSSH for Windows 10.
Click on your Start menu and go to Settings / Apps / Optional Features.
Search for and enable / install OpenSSH Client.
Once installed, open up a command prompt (cmd) as an Administrator. You can do this by searching for cmd in the search box on your task bar, then right-clicking cmd (command prompt) and selecting Run as Administrator.
Now run the same command to generate the SSH keys as on Linux and macOS:
ssh-keygen -t rsa -b 4096 -C "SideLink"
You can replace "SideLink" with your name or your email address; it serves as a reminder / description.
Assuming your username / profile is sidelink, the keys will be generated and stored here: c:\Users\Sidelink/.ssh/ i.e. your private key will be: c:\Users\Sidelink/.ssh/id_rsa and your public key will be: c:\Users\Sidelink/.ssh/id_rsa.pub

!!! DO NOT EVER SHARE YOUR PRIVATE KEY/S WITH ANYONE, THEY ARE STORED IN THE id_rsa FILE, ONLY EVER SHARE YOUR PUBLIC KEYS IN i.e. id_rsa.pub !!!

You can now use PuTTY or your favorite SSH client for Windows that supports password-less / SSH key logins.
If you use the built-in SSH client that you installed earlier, you will now be able to use SSH and SCP natively like you would from Linux or macOS; refer to the section above, “Now copy your SSH public key to your host:”

Outro:

Once you have your private and public keys generated on your PC or workstation you can start applying the same logic to your servers / hosts.
If you are creating secure connections between servers / hosts for, let's say, rsync backups and replication, then generate the keys on the servers / hosts. Try to name the keys logically, or name and document them for your later reference.
For example, say you have two servers, one of which stores some shares with data, and you now want to rsync between the two. You can generate your private and public keys on each host (you would have already copied your public key from your PC or workstation during your setup or builds with ssh-copy-id).
Let's say server001 is your data store / data server and hosts your data and shares, and server002 is your backup, replica or offsite backup server.
So the assumptions are that you have two servers, named server001 and server002, and your DNS is set up to be able to resolve server001 and server002; if not, you can substitute the names with your servers' IP addresses. (We will post how-tos on DNS setups, i.e. easy DNS server setups.)
You can now generate your SSH keys with a descriptive name, i.e.:
On server001 run:
ssh-keygen -t rsa -b 4096 -C "server001"
Now copy the public key to server002:
ssh-copy-id yourusername@server002
On server002 run:
ssh-keygen -t rsa -b 4096 -C "server002"
Now copy the public key to server001:
ssh-copy-id yourusername@server001
You can now SSH (securely connect over SSH) between servers without having to use a password, making it MUCH easier and more secure to write and execute scripts, i.e. backup scripts etc.

We will post a How-to on easy network shares, and some easy backup examples and backup scripts using rsync.

!!! DO NOT EVER SHARE YOUR PRIVATE KEY/S WITH ANYONE, THEY ARE STORED IN THE id_rsa FILE, ONLY EVER SHARE YOUR PUBLIC KEYS IN i.e. id_rsa.pub !!!

Fin
