
Thread: SSH without passphrase

  1. #1
    Join Date
    Mar 2005
    Location
    Ice cold Norway
    Beans
    517

    SSH without passphrase

    Hi, I have generated SSH keys and copied id_rsa and id_rsa.pub to local and remote .ssh folders. Still, when I do "ssh remoteserver" I have to enter a passphrase. What am I missing?

    I've checked that both files are identical locally and remotely. Please help.

  2. #2
    Join Date
    May 2009
    Location
    Fareham, UK
    Beans
    Hidden!
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: SSH without passphrase

    No, you don't copy all the files. From the client you need to copy the contents of the file id_rsa.pub and append them to the server's file .ssh/authorized_keys. This file can contain many lines, one for each authorized client. The command ssh-copy-id, done on the client, will do this for you, but only whilst the server has password authentication enabled. Once done, you can disable password authentication and have a passwordless login.
    Catch me on Freenode - imark

  3. #3
    Join Date
    Mar 2005
    Location
    Ice cold Norway
    Beans
    517

    Re: SSH without passphrase

    I did "ssh-copy-id -i ~/.ssh/id_rsa.pub servername" and it outputted the expected response. Still, using ssh servername asks for the passphrase.

    I'm using xmonad BTW, if there's a GNOME program that needs to be in the loop for this? Terminal is gnome terminal.

  4. #4
    Join Date
    Apr 2012
    Beans
    6,424

    Re: SSH without passphrase

    You need to be clear about the difference between a password and a passphrase. If it's asking for a password, then it suggests it's not finding/recognising the key and is dropping through to regular password-based authentication, but if it's asking for a passphrase, then it wants the phrase you entered when generating the key pair. You can set a blank phrase if you don't want to be prompted, but obviously that loses one factor in security.

    Code:
         
    man ssh-keygen
         .
         .
         .
         Normally this program generates the key and asks for a file in which to store the private key.  The public key is stored in a file with the same name but “.pub”
         appended.  The program also asks for a passphrase.  The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a
         string of arbitrary length.  A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, whitespace, or any string of
         characters you want.  Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per
         character, and provides very bad passphrases), and contain a mix of upper and lowercase letters, numbers, and non-alphanumeric characters.  The passphrase can be changed
         later by using the -p option.
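
One way to settle the password-versus-passphrase question from post #4 is to ask ssh-keygen whether the private key opens with an empty passphrase. This is an added example, not part of the original thread; the function name, the temporary key names and the sample passphrase are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: report whether a private key file is encrypted with a passphrase.

# Prints "no-passphrase", "passphrase-protected" or "missing".
key_passphrase_state() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "missing"; return 2; }
    # -y derives the public key from the private key; -P "" supplies an empty
    # passphrase, so ssh-keygen fails instead of prompting when the key is
    # encrypted. A malformed key file fails the same way.
    if ssh-keygen -y -P "" -f "$keyfile" >/dev/null 2>&1; then
        echo "no-passphrase"
    else
        echo "passphrase-protected"
    fi
}

# Demo on two throwaway keys generated in a temporary directory (constructed
# input; the passphrase below is a sample value).
demo() {
    dir=$(mktemp -d) || return 1
    ssh-keygen -q -t ed25519 -N "" -f "$dir/plain"
    ssh-keygen -q -t ed25519 -N "sample passphrase 42" -f "$dir/locked"
    for k in plain locked absent; do
        printf '%s: %s\n' "$k" "$(key_passphrase_state "$dir/$k")"
    done
    rm -rf "$dir"
}

command -v ssh-keygen >/dev/null 2>&1 && demo
```

If the key you actually use reports passphrase-protected, the prompt comes from the local key file and the server setup is not the cause.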

  5. #5
    Join Date
    Oct 2009
    Location
    Elgin, IL USA
    Beans
    2,930
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: SSH without passphrase

    Something does not make sense. If you generate a key without a passphrase and properly set it up on the server, nothing should ask for a passphrase and no passphrase would work.

    So either you generated that key using a passphrase, or that key does not work and some other key with that passphrase is being used.

    Note that once it is working without any passphrase or password, you should limit what commands that key can be used for. Otherwise if anyone obtains that private key, they could do anything you can do.
    i5 650 3.2 GHz, 8 GB, nvidia GTX 750 Ti, 32" 1080p | i7-4700MQ, 8 GB, Intel HD 4600/nvidia GTX 765M, 15.6" 1080p | etc.
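
The restriction suggested in post #5 is done with options at the start of the key's line in authorized_keys. The following added example (not part of the original thread) shows an unrestricted entry beside one pinned to a forced command, and audits a file for entries that lack one; the key blobs are placeholders and /usr/local/bin/backup.sh is a hypothetical script.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that are not pinned to a command.

# Writes a constructed sample file; key blobs are placeholders, not real keys,
# and /usr/local/bin/backup.sh is a hypothetical script.
make_sample() {
    cat > "$1" <<'EOF'
# unrestricted: whoever holds this private key gets a full shell
ssh-ed25519 AAAAPLACEHOLDERKEY1 user@laptop
# restricted: this key can only run the one forced command
command="/usr/local/bin/backup.sh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAPLACEHOLDERKEY2 backup-job
# options present but no forced command; the comment field must not count
no-pty ssh-rsa AAAAPLACEHOLDERKEY3 command="x"
EOF
}

# Prints "<verdict><TAB><last field>" for every key line in the file.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        opts = ""
        if (line !~ /^(ssh-|ecdsa-|sk-)[^ \t]+[ \t]/) {
            # Options come first: they end at the first space outside quotes.
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\\" && inq) { i++; continue }   # escaped char in quotes
                if (c == "\"") inq = !inq
                else if (c == " " && !inq) break
            }
            opts = substr(line, 1, i - 1)
        }
        # Option keywords are case-insensitive, so compare in lower case.
        verdict = (tolower(opts) ~ /(^|,)command="/) ? "restricted" : "unrestricted"
        n = split(line, f, " ")
        printf "%s\t%s\n", verdict, f[n]
    }' "$1"
}

sample=$(mktemp) && make_sample "$sample" && audit_authorized_keys "$sample"
rm -f "$sample"
```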

  6. #6
    Join Date
    Feb 2008
    Location
    Pelican Bay Correctional
    Beans
    Hidden!

    Re: SSH without passphrase

    Originally Posted by graabein
    when I do "ssh remoteserver" I have to enter passphrase. What am I missing?
    technique mostly;

    Code:
    # -i takes the private key (identity) file, not the .pub file
    ssh -qi /path/to/keyfile user@domain.com
    This assumes that you have copied contents of /path/to/keyfile.pub to the end of the file on remoteserver:/home/x/.ssh/authorized_keys
    Where x is the user that you want to have login. x will never be root at that location.

    So, on the machine you want to log into, you should add a line to your ~/.ssh/authorized_keys file that contains exactly the single line that was created in the keyfile.pub file (for whatever choice of "keyfile" you made).

    http://www.eng.cam.ac.uk/help/jpmg/s...eys_howto.html
    Last edited by Habitual; April 5th, 2013 at 11:11 PM.
    If you can't find an answer at Google, you must be typing in Braille.

  7. #7
    Join Date
    Jun 2006
    Location
    Brisbane Australia
    Beans
    713

    Re: SSH without passphrase

    Note also, that most client environments cache any entered pass-phrase locally in your keychain so you only have to enter it once the first time after login. Certainly the ones I use, Ubuntu and Mac OS X do this by default. Make sure you enable ForwardAgent in your ~/.ssh/config. A pass-phrase makes your key much more secure and it's not very onerous to use a pass-phrase once it's cached in your keychain.
