This article will explain a way to connect to remote machines without a password.
Note to Windows users: Since this applies to Linux machines you will have to log in with putty to quantum, and set up the passowordless ssh to remote machines from there. This may seem impractical, but it's actually a required step for sshfs (to be covered in the next article).
Let's say I want to connect to the HPC server but I don't want to be bothered with the password everytime I log in ( I already logged in securely to the machine I'm working on, so there's a layer of proctection there already).
normally I issue the command:
ssh lbasurto@hpc.utep.edu
which prompts me for the password.
In order to avoid being prompted the password, follow these steps:
issue the command
ssh-keygen -t rsa
This tells ssh to generate a pair of files (called keys) to be used by the remote host and the local host to check that they are allowed to connect.
Just follow the prompts with the default options:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lbasurto/.ssh/id_rsa):
Just press Enter here.
Enter passphrase (empty for no passphrase):
Press Enter here (no password).
Enter same passphrase again:
Again press Enter (no password) .
Your identification has been saved in /home/lbasurto/.ssh/id_rsa.
A bunch of information follows this.
Your public key has been saved in /home/lbasurto/.ssh/id_rsa.pub.
The key fingerprint is:
The keys are created on a local directory called .ssh in you home directory, it has a dot in the beggining meaning that it's invisible, so you don't normally see it (but it's there).
Now we want to copy the key to be used by the remote host (it's called id_rsa.pub), we will put it in the .ssh folder on the remote machine and append it to a file called authorized_keys there, so issue the command:
ssh-copy-id -i /home/lbasurto/.ssh/id_rsa.pub lbasurto@hpc.utep.edu
This copies the local file id_rsa.pub to the remote location and appends it to a file called authorized_keys in the .ssh directory of my home directory in HPC.
You can log in to your remote system to verify that the file is there (plus we need to set some permissions).
The remote directory .ssh may not exist if this is the case, you can just create it yourself in the remote machine by doing:
mkdir .ssh
in the home directory of your remote machine adn then recopy the file from you local machine.
In the remote machine we have to make sure that certain permissions are set properly
the directory .ssh should have it persmissions set to 700
chmod 700 .ssh
The file authorized_keys should have its permissions set to 600
chmod 600 .ssh/authorized_keys
You can logout from the remote machine and go back to your local machine.
Finally,we have to tell ssh to add the newly created key to the list of trusted users, so do:
ssh-add
That's it!, next time you want to log in to the remote machine it will not ask you for a password.