
Hack 78. Create a Passwordless Login

Forget about those passwords and make administering a remote server easier.

By far, the most common method of remotely logging in to Linux machines is by using the Secure SHell (SSH). This encrypted method of accessing far-flung computers is a popular choice for system administrators, but despite its popularity, repeatedly logging in and out of computers and entering passwords over and over again can be a chore. This chore is significantly increased when you manage a number of different computers, all with different passwords.

This hack explores how to create a passwordless login. Although this sounds like security suicide, it isn't, because it uses a pair of cryptographic keys to allow access to the remote computer. You do this by generating both a public and a private key. The public key (a key that you can give to people) is uploaded to the remote server as an authorized key, and when you connect to the remote server, your SSH client proves that it holds the private key matching that public key; the private key itself stays on your local machine. If the two keys match, access is granted.

The other benefit of the passwordless login is that you can tie it into your desktop environment and manage files on the remote machine graphically. I discuss this later in this hack.

9.10.1. Generate Public and Private Keys

To create a passwordless login, you need to generate your public and private keys. First, create a new directory called sshkey in your home directory in which to store the keys:

foo@local:~$ mkdir sshkey
foo@local:~$ cd sshkey

When you generate the keys, you have a choice of either the DSA or RSA encryption algorithms, with RSA being the newer version in Version 2 of the SSH protocol. You can generate the keys with:

foo@local:~/sshkey$ ssh-keygen -f id_rsa -t rsa

When you run this command, you are asked for a passphrase; press Enter when prompted. This creates two keys with a blank passphrase, which means the private key is stored unencrypted on your disk. One is called id_rsa (your private key) and the other is id_rsa.pub (your public key).

9.10.2. Create the Login

With the keys generated, the next step is to upload the public key to the remote server. If you have never dealt with SSH keys before, you probably do not have a .ssh/authorized_keys file on the remote server. If this is the case, you can simply copy the id_rsa.pub to the remote server and call it .ssh/authorized_keys:

foo@local:~/sshkey$ scp id_rsa.pub foo@remote:/home/foo/.ssh/authorized_keys

If you have already created an authorized_keys file on the remote server, you can simply log in to the remote server, open authorized_keys in a text editor, and paste the contents of id_rsa.pub on the local machine into the file on a new line. This is how you add multiple keys on the remote server.

Whichever method you use to get your public key on the remote server, you must set the permissions on the files and directory correctly. Simply issue the following commands:

foo@remote:~$ cd ~/.ssh
foo@remote:~$ chmod 700 ./
foo@remote:~$ chmod 600 *

These commands ensure that your .ssh directory and files are secured. Finally, on the local machine, copy the generated id_rsa file to the .ssh directory in your home directory to make it the default key for SSH:

foo@local:~/sshkey$ cp id_rsa ~/.ssh

Now you can test to see that the connection works:

foo@local:~$ ssh foo@remote

You should be able to log in automatically with no password prompt.
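
The upload and permission steps above, as an added shell example that is not from the book: it appends the public key to authorized_keys instead of overwriting the file, skips keys that are already present, and applies the 700/600 modes. The function names and the /tmp/id_rsa.pub path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the book. install_pubkey and check_ssh_perms
# are hypothetical helper names. Run on the remote host, e.g.:
#   install_pubkey /tmp/id_rsa.pub "$HOME/.ssh"

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse id_rsa handed over by mistake instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 1
    fi
    # Same modes as the chmod commands in the text.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the existing file lacks a final newline, add one so the new
    # key does not get glued onto the last existing key.
    if [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append each key line only if that exact line is not already there.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
    return 0
}

# check_ssh_perms SSH_DIR
# Succeeds only if SSH_DIR is rwx------ and authorized_keys is rw-------.
check_ssh_perms() {
    dir=$1
    [ "$(ls -ld "$dir" | cut -c1-10)" = "drwx------" ] || return 1
    [ "$(ls -l "$dir/authorized_keys" | cut -c1-10)" = "-rw-------" ] || return 1
    return 0
}
```

Running install_pubkey twice with the same key leaves a single entry, so it is safe to re-run after adding keys from other machines.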

9.10.3. Graphically Manage Remote Files

One of the benefits of creating a passwordless login is that it makes graphical administration of a remote server much easier. Not only does this give you the ability to connect to a remote resource in your favorite file manager, but also you can put an icon on your desktop that opens the specified directories and files of the remote server when you click it. This gives you the ability to transfer files by dragging and dropping.

You can display a remote file structure by clicking an icon on your desktop in a number of ways, but this hack covers how to do it for the two major desktop environments, KDE and GNOME.

To access a networked resource in KDE, add a new icon to the desktop by right-clicking the desktop and selecting Create New → Link to Application. Inside the dialog box that pops up, click the Application tab, and you'll see a Command box that you can use to indicate the location of the remote server. This is done with the format:

fish://user@server/path

When you click the icon, Konqueror loads, and you can use it to deal with the remote server graphically.

To connect to a networked resource in GNOME, click the main Computer menu in the top panel, and then select Disks from the menu. When the window appears that displays your disks and drives, click File → Connect to Server. Inside this dialog box you can select an SSH connection from the Service Type combo box, and then add the server name, port, folder, and username details. Finally, you can name the icon by adding a label to the "Name to use for connection" box. Now the icon will be added to your desktop and will appear in the Network Servers window.
