SSH automatic logon

Adding SSH keys to automate login

So we want the mybooks to autologin using a long keyfile. Later on we will remove the option to log in using a password for the SSH setup (basically hardening the SSH setup).

Start on mybook1. We need to repeat this procedure on mybook2.

Let's move over to the special .ssh directory

cd ~
mkdir .ssh
cd .ssh

Next generate a SSH keypair:

ssh-keygen -b 4096 -N '' -t rsa -f id_rsa

This command generates a new long keyfile with NO passphrase, filetype RSA and filename id_rsa. This will take a couple of minutes, so please be patient with your mybook, it's a slow little computer you know. When done you should have two new files called id_rsa and This is a SSH keypair, both a public key and a private key.

So now we copy over the public keyfile from the mybook1 to mybook2. Execute the next four commands.

ssh root@mybook2 'mkdir .ssh'
cat ~/.ssh/ | ssh root@mybook2 'cat >> .ssh/authorized_keys'
ssh root@mybook2 'chmod -R go-rwx .ssh'
ssh root@mybook2 'chmod go-rwx ~'

The first command makes a new directory. The next command then adds the local public key to the authorized_keys file on the other mybook. The final commands adjust directory and file permissions so that nobody except the owner, root, can access or work with files in the .ssh and /root folders. SSH is very fussy about these permissions, and will fail without telling you why if it deems the current settings insufficiently secure.

Every ssh command above will make you log on to the box, just enter the root password you have set.

Now go back to the beginning, log on to mybook2 and repeat this procedure of generating keys and copying the public key over to mybook1. When you have keys generated on both boxes, and copied over the public key into the authorized_keys. Now you should be able to log on using ssh without the need to enter a password, instead the private key is used to authenticate the session.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License