Samuel Williams Monday, 22 February 2010

To connect from the client to the server without using a password, you need to generate a key pair on the client. The public key is then installed into the server's authorized_keys file, after which the client can connect without standard password authentication.

On the client as the user who will run ssh to the remote host:

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx [local-user]@[local-host]

Once you have done this, you need to append the public key (id_rsa.pub) to the authorized_keys file for the user you will be logging in as on the remote server:

# cat ~/.ssh/id_rsa.pub | ssh [remote-user]@[remote-host] "cat >> ~/.ssh/authorized_keys"

N.B. Replace [remote-user] and [remote-host] with appropriate values. You might need to change it to ~/.ssh/authorized_keys2 depending on your sshd config file, which can be found in /etc/ssh/sshd_config on the server. Check for the AuthorizedKeysFile config parameter.
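What the append step above has to get right on the server, as an added example that is not part of the original article: the function creates ~/.ssh and authorized_keys with modes sshd accepts, refuses input that is not a single public-key line, and skips a key that is already installed. The name install_pubkey, its arguments and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. install_pubkey and its
# arguments are illustrative names.

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Adds the key in PUBKEY_FILE to SSH_DIR/authorized_keys (default ~/.ssh).
# Runs in a subshell "( ... )" so the umask change does not leak out.
install_pubkey() (
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    # Accept exactly one public-key line. This rejects the private key
    # (id_rsa) passed by mistake. Key types listed are a common subset.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; exit 1; }
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "$pub: not a public key" >&2; exit 1; }

    # With StrictModes (the sshd default) a group- or world-writable ~/.ssh
    # or authorized_keys is ignored, so set the modes explicitly.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Match on the base64 blob only, so an entry with a different comment
    # or with leading options still counts as already installed.
    blob=$(awk '{print $2}' "$pub")
    if grep -Fq -- "$blob" "$auth"; then
        exit 0
    fi

    # A last line without a trailing newline would be fused with the new key.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
)

# Demo against a scratch directory with a constructed (not real) key.
demo_dir=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYEXAMPLEONLYEXAMPLEONLY0 user@client' > "$demo_dir/id.pub"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"   # second run adds nothing
echo "entries: $(grep -c '' "$demo_dir/.ssh/authorized_keys")"
rm -rf "$demo_dir"
```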

SSH Multiplexing

SSH can allow multiple virtual connections via the same single network connection. This is called SSH multiplexing, and can make it faster to connect to a server after establishing the initial connection.

Add the following into ~/.ssh/config or /etc/ssh/ssh_config:

Host *
   ControlMaster auto
   ControlPath ~/.ssh/socket-%r@%h:%p

This will create a socket for each set (user, machine, port) when the first SSH session is opened. Further sessions will see the socket and use it instead of opening a new connection, multiplexing all concurrent connections via the same connection. The same goes for SCP and SFTP.

Nice side-effects of this:

Further Information

OpenSSH is a fantastic tool and every system administrator should learn how to use it. There are many resources out there, but here are some which I think are great:

Comments

Nice article :)

Note that rather than using:

$ cat ~/.ssh/id_rsa.pub | ssh [remote-user]@[remote-host] "cat >> ~/.ssh/authorized_keys"

On many machines you can just use:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub [remote-user]@[remote-host]
