Misc Linux tips

SSH login without a password

At first you may ask why you would ever want to be able to login to a remote computer without specifying a password.
Is't it a security risk?
Well kinda, it lowers the security to the least secure machine.
However you still need to be logged on with a specific user on the machine setup for password less login to the other machine.
And anyone logged in as you could just sniff you password. One way of doing so could be to modify you .bashrc (presuming you use bash as shell) to contain the line "alias ssh=myPasswordSniffer", write a keystroke sniffer and wait for you to login. There may be a better way but never mind.
Also remember that the sys-admin of your machine can log on the remote machine without knowing the password, he may of course also replace ssh with a keystroke sniffer, after all he is GOD.
I don't consider it too great a risk to use password less SSH, but judge for your self, and I would not recommend it for your Pentagon account(nor any root login).

Here is a couple of examples where it is nice. CVS over SSH, distcc over SSH.

How to do it

  • "cd .ssh"
  • "ssh-keygen -t dsa" see "man ssh-keygen" for more info (use empty password). You should now have two files "id_dsa" and "id_dsa.pub". They are you private and public key files
  • Move "id_dsa" to ".ssh/identity" (I don't know how to have two different secret keys in one file. You may want to store your public key, you can then install this on multiple remote hosts)
  • Make sure that no-one but you have any rights to the file ".ssh/identity"
  • Copy "id_dsa.pub" to the remote host.
  • Log on to the remote host
  • "cd .ssh"
  • Open/create "authorized_keys" in your favourite text editor, paste the content of "id_dsa.pub" on a new line in the file (append it)
  • Make sure that ssh works without having to use any passwords
  • You may delete "id_dsa.pub" but this is not important
This also works under Windows using Cygwin.