How to login via SSH Without a Password


Do you find yourself SSH-ing into a server many times from the same client, annoyed at having to type the same SSH password every single time? Well, good news is here! Thanks to the magic of SSH keys, using a password is a thing of the past. You may be wondering whether this is any less secure. It is only less secure if your client machine is compromised. If that does happen, however, the key can be revoked on the server side to lock out the client.

What we'll do is generate a public and private authentication key on our client, and copy the public key to the server. The keys can have a passphrase assigned to them (in effect allowing you to log in using a different password), but we can leave this blank and achieve our automatic login. This doesn't mean you are sending unencrypted data over SSH by any means; it just means that our keys are doing the authentication instead of us manually typing a username and password all the time.

Here's an example bash session. I'll be using text in all caps to signify hostname / username / stuff you'll want to change:

CLIENTUSER@CLIENTHOST:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/CLIENTUSER/.ssh/id_rsa): <press enter>
Created directory '/home/CLIENTUSER/.ssh'.
Enter passphrase (empty for no passphrase): <press enter>
Enter same passphrase again: <press enter>
Your identification has been saved in /home/CLIENTUSER/.ssh/id_rsa.
Your public key has been saved in /home/CLIENTUSER/.ssh/id_rsa.pub.

Congratulations, you've now got a pair of public and private SSH keys. But they don't actually do anything yet. You'll now want to create a .ssh directory on the server (that is, if you don't already have one). You'll also want to copy your SSH public key to the list of authorized keys on the server.

CLIENTUSER@CLIENTHOST:~$ ssh SERVERUSER@SERVERHOST 'mkdir -p ~/.ssh'
SERVERUSER@SERVERHOST's password: SERVERPASSWORD<press enter>
CLIENTUSER@CLIENTHOST:~$ cat ~/.ssh/id_rsa.pub | ssh SERVERUSER@SERVERHOST 'cat >> .ssh/authorized_keys'
SERVERUSER@SERVERHOST's password: SERVERPASSWORD<press enter>

Once this is done, you can run ssh SERVERUSER@SERVERHOST and get a secure SSH connection to the server without needing to enter your password!
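The copy step above and the server-side revocation mentioned in the introduction, written as server-side shell functions. This is an added example, not code from the original post; AUTH_DIR, SAMPLE_PUB and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): manage authorized_keys on the server.
# AUTH_DIR is a hypothetical override so the functions can be tried on a scratch dir.
AUTH_DIR="${AUTH_DIR:-$HOME/.ssh}"

# Constructed sample line in id_rsa.pub layout ("type blob comment"); not a real key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLEonly CLIENTUSER@CLIENTHOST'

# Print the base64 blob of a public key line, or nothing if the line does not
# start with a public key type (e.g. a private key file pasted by mistake).
key_blob() {
    case "$1" in
        ssh-*\ *|ecdsa-sha2-*\ *|sk-*\ *) printf '%s\n' "$1" | awk 'NR==1 {print $2}' ;;
    esac
}

# Succeed if the blob is already present as a whole field of some line.
has_key() {
    [ -f "$AUTH_DIR/authorized_keys" ] &&
        awk -v b="$1" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' \
            "$AUTH_DIR/authorized_keys"
}

# install_key 'PUBLIC KEY LINE': append once, with owner-only permissions.
install_key() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 2
    mkdir -p "$AUTH_DIR" && chmod 700 "$AUTH_DIR" || return 1
    touch "$AUTH_DIR/authorized_keys" && chmod 600 "$AUTH_DIR/authorized_keys" || return 1
    has_key "$blob" || printf '%s\n' "$1" >> "$AUTH_DIR/authorized_keys"
}

# revoke_key 'PUBLIC KEY LINE': drop every line carrying that blob, including
# lines that prefix it with options, then replace the file in one rename.
revoke_key() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 2
    has_key "$blob" || return 0
    tmp=$(mktemp "$AUTH_DIR/authorized_keys.XXXXXX") || return 1
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) next; print }' \
        "$AUTH_DIR/authorized_keys" > "$tmp" && chmod 600 "$tmp" &&
        mv "$tmp" "$AUTH_DIR/authorized_keys"
}

# Number of non-empty lines left in authorized_keys.
count_keys() {
    awk 'NF { n++ } END { print n + 0 }' "$AUTH_DIR/authorized_keys"
}
```

Running install_key twice with the same line leaves a single entry, and revoke_key with the client's public key line is what locks that client out.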

Thomas Hunter II

Thomas has contributed to dozens of enterprise Node.js services and has worked for a company dedicated to securing Node.js. He has spoken at several conferences on Node.js and JavaScript and is an O'Reilly published author.