Put an end to being asked for a password for everything: Linux with OpenSSH
Do you feel passwords are bad because they can be brute-forced, captured with a key-logger, or stolen?
Sometimes I feel irritated with complex credentials! Often I wish to automate a few tasks, and I found this...
Passwordless authentication uses the RSA/DSA authentication protocols. New OpenSSH users often configure RSA/DSA passwordless logins in a quick and dirty way, but this opens up a big security hole in the process: if somebody gets access somehow, he can take control at any time.
Wow, it is amazing!! To establish secure connections without having to manually type in a password, RSA/DSA authentication requires some initial configuration. We need to perform these initial configuration steps only once!!
It supports multiple environments: Windows (run the Cygwin client) and Apple's OS X also use OpenSSH.
Public/Private Key Generation
showry@LAMPHOME:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/showry/.ssh/id_rsa):
Created directory '/home/showry/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/showry/.ssh/id_rsa.
Your public key has been saved in /home/showry/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 showry@LAMPHOME
Sharing the Public Key with the Remote Machine (authorized_keys2 file)
Then you may have to create the directory ~/.ssh as user amit on "LAMPCLIENT" (in some cases the directory may already be present):
showry@LAMPHOME:~> ssh amit@LAMPCLIENT mkdir -p .ssh
amit@LAMPCLIENT's password:
Next, append showry@LAMPHOME's new public key to amit@LAMPCLIENT:.ssh/authorized_keys and enter amit's password one last time:
showry@LAMPHOME:~> cat .ssh/id_rsa.pub | ssh amit@LAMPCLIENT 'cat >> .ssh/authorized_keys'
amit@LAMPCLIENT's password:
From now on you can log into LAMPCLIENT as amit from LAMPHOME without a password:
showry@LAMPHOME:~> ssh amit@LAMPCLIENT 'hostname'
LAMPCLIENT
Sometimes I found issues with permissions; here are cheats to follow (depends on the SSH version):
Put the public key in .ssh/authorized_keys2
Change the permissions of .ssh to 700
Change the permissions of .ssh/authorized_keys2 to 640
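The sharing and permission steps above as one script, an added example that is not part of the original post: it appends a public key only if it is not already present, applies the 700/640 modes listed above, then checks that nothing is group- or world-writable, which is the condition sshd's StrictModes rejects. The function names, the 600 mode expected on private keys, and the default file name authorized_keys are assumptions of this example.

```shell
#!/bin/sh
# Added example; install_pubkey and check_ssh_perms are hypothetical names.
# Run on the remote account (amit@LAMPCLIENT). Uses GNU stat (Linux).

# install_pubkey PUBKEY_FILE [SSH_DIR] [AUTH_FILE_NAME]
# Appends the key only once and applies the modes from the list above.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/${3:-authorized_keys}
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 2; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 640 "$auth" || return 1
    # -x whole line, -F fixed string: skip the append if already present
    if ! grep -qxF -- "$(cat "$pub")" "$auth"; then
        cat "$pub" >> "$auth"
    fi
}

# check_ssh_perms [SSH_DIR]
# Returns 0 when SSH_DIR is 700, no file in it is group- or world-writable,
# and private keys (id_* without .pub) are 600 (assumed, not from the post).
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    bad=0
    [ "$(stat -c %a "$dir")" = 700 ] || { echo "$dir: want mode 700"; bad=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f")
        want=
        case ${f##*/} in id_*.pub) ;; id_*) want=600 ;; esac
        if [ -n "$want" ] && [ "$mode" != "$want" ]; then
            echo "$f: mode $mode, want $want"; bad=1
        elif [ $((0$mode & 022)) -ne 0 ]; then
            echo "$f: mode $mode is group- or world-writable"; bad=1
        fi
    done
    return $bad
}
```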
Conclusion
We started by generating a pair of keys, one private and one public, on the source machine from which we want passwordless SSH to the remote machine (the remote machine will not grant access unless it has saved our public key). The interesting thing is that the public key can be used for encryption, and only those who hold the private key can decrypt. Thus the RSA/DSA authentication protocols use this key pair to perform secure authentication without transmitting any confidential information over the network.
IMP!!! Our private key is so important that its falling into the wrong hands would definitely cost us. Using the private key, anyone will be granted access to our remote systems, just like us!!
Final question: which one should we go with, DSA or RSA? RSA is the choice of most people: http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys
nice 1 :-)
Hey prashasti thnxx....