SSH auto-authentication

For work I had to work out a way to SSH from one Debian machine to another. I knew that it was possible, and here’s how.

Both of these machines are running ssh2 (OpenSSH) so if we wanted to connect from Lifeline (local) to Firefly (remote) we’d need to do the following:

First, generate a public/private DSA key pair on Lifeline.

mlambie@lifeline:~$ ssh-keygen -t dsa -f ~/.ssh/id_dsa

When you are asked for a passphrase, leave it empty. Now send the public key to Firefly.

mlambie@lifeline:~$ cd .ssh/
mlambie@lifeline:~/.ssh$ scp id_dsa.pub mlambie@firefly:~/.ssh

Next, log in to Firefly and add the public key to the list of authorized keys.

mlambie@lifeline:~/.ssh$ ssh mlambie@firefly
mlambie@firefly:~$ cd .ssh/
mlambie@firefly:~/.ssh$ cat id_dsa.pub >> authorized_keys2
mlambie@firefly:~/.ssh$ chmod 640 authorized_keys2
mlambie@firefly:~/.ssh$ rm -f id_dsa.pub

Note that the filename is authorized_keys2, not authorized_keys.

And that’s about it, now when you’re logged in to Lifeline, you can SSH to Firefly and not be prompted for a password (which is really handy for rsync backup scripts).

Update: 23/10/2005 12:07PM
It’s been a while, but I use this a lot now. It can better be performed using Debian/Ubuntu’s “ssh-copy-id” command, like this:

mlambie@stormshadow:~$ ssh-copy-id -i ~/.ssh/id_dsa.pub mlambie@machine

Go team Matt!

Update: 26/06/2006 11:59AM
On the Mac I don’t have ssh-copy-id, so it’s best to use:

mlambie@stormshadow:~$ cat .ssh/id_dsa.pub | ssh hostname 'cat >> .ssh/authorized_keys2'

Update: 31/03/2008 12:55PM
An even better solution is to make a bash function that does this for you.

mlambie@stormshadow:~$ cat ~/.profile
#
# Your previous .profile  (if any) is saved as .profile.mpsaved
# Setting the path for MacPorts.
export PATH=/opt/local/bin:/opt/local/sbin:$PATH
export DISPLAY=:0.0

function authme {
  ssh $1 'cat >>.ssh/authorized_keys2' < ~/.ssh/id_dsa.pub
} 

mlambie@stormshadow:~$ source ~/.profile
mlambie@stormshadow:~$ authme servername