Permanant Automatic ssh login without password

[cdgary]

I'm ssh-ing between two machines and entering the passphrase key every time I need to connect to the other machine's ssh server. I added my key to the ssh-agent daemon using the below commands, which allowed me to use ssh one time without using the password, but when I returned back to the machine I originally ssh-ed from it prompted me for my passphrase key again when trying to ssh to the same machine, which totally defeats the point. How can I get the passphrase to hold permanently so I won't have these issues.

Code:

exec ssh-agent /bin/bash
ssh-add $HOME/.ssh/id_dsa
Enter passphrase for /home/user/.ssh/id_dsa:

[TDAY]

I've always created an ssh key with ssh-keygen -t rsa which creates a file ~/.ssh/id_rsa.pub which I copy to the remote target in directory ~/.ssh/ via scp. Then you can cat the id_rsa.pub you copied into a file authorized_hosts. This should set up the "automatic" login process for you based on rsa keys.

[cdgary]

I'm aware of all of that. My post discusses issues I was having with a permanent automatic ssh login without using the passphrase key.

[vallimar]

If you don't want to ever enter the passphrase, why not just create a new key without one?

[AndrewSerk]

Hello,

To create the ssh key you should use dsa not rsa:

Code:

ssh-keygen -t dsa

To copy your key to a remote server you should use:

Code:

ssh-copy-id -i ~/.ssh/id_dsa.pub HOSTNAME_OR_IPADDRESS

Hope this helps,

[jpollard]

As a reminder, this is no longer a secured login. IF your account is ever penetrated on any system, all your systems have also been penetrated.

[AndrewSerk]

Quote:

Originally Posted by jpollard

As a reminder, this is no longer a secured login. IF your account is ever penetrated on any system, all your systems have also been penetrated.

Thanks jpollard,
Old habits, Please disregard my above post.

[aesir]

I think pam_ssh is what you are looking for.
It's in the repos, "yum info pam_ssh".

[stevea]

Quote:

Originally Posted by AndrewSerk

Thanks jpollard,
Old habits, Please disregard my above post.

There is no reason to disregard or retract it. It's merely a method that has an obvious security implication that JP' describes. That doesn't make it an unusable method.

Quote:

Originally Posted by cdgary

I'm aware of all of that. My post discusses issues I was having with a permanent automatic ssh login without using the passphrase key.

You need to describe exactly what you mean - b/c you are making up terms.

'passphrase key' is meaningless. Keygen utility is used to create bother user and host keys. Your user account key can have a passphrase associated with it. In that case authentication requires two pieces of information - the other half-key and the passphrase.

If you create a key w/o a passphrase as AndrewSerk suggests then no passphrase - not even a null passphrase will be requested.

So you can do this ....

Quote:

[stevea@crucibulum Desktop]$ ssh hypoxylon
Last login: Fri Dec 23 04:08:41 2011 from crucibulum.localdomain
[stevea@hypoxylon ~]$ ssh lycoperdon
Last login: Wed Dec 21 09:49:59 2011
[stevea@lycoperdon ~]$

with no password or passphrase authentication.


Next - your meaning of "permanent automatic ssh login".

The putting the public half-key into ~/.ssh/authorized_hosts means the PubkeyAuthentication scheme can be use for authentication. That seems like 'permanent' to me.

There is no 'automatic' login per se. You either type "ssh me@somehost" or you can cause a window to appear that does this at login.