Secure SSH, CVS, SCP without Password Prompt
For the old version of this homepage I used CVS to update the websites. I did this via SSH, which is pretty secure but has the annoying disadvantage of asking for a password for each operation. If you can trust the security of your client computer, there is a way to get rid of the password altogether, without losing security:
- Suppose the domain name of your server is server, and your login name loginname.
- On the client, generate a public and private key.
ssh-keygen -C loginname@server -t dsa
When asked for a passphrase, simply press return. The private key is stored in ~/.ssh/id_dsa, and the public key in ~/.ssh/id_dsa.pub. Never give the private key away!
- Copy the public key file to the server with
scp ~/.ssh/id_dsa.pub loginname@server:~/
- Log in on the server with
ssh loginname@server
and append the copied file to ~/.ssh/authorized_keys with
cat ~/id_dsa.pub >>~/.ssh/authorized_keys
- If you want to enable this feature on other servers, just repeat step 3 on each of the servers.
That’s it! If you have done everything correctly, the next time you log in via SSH or use CVS over SSH, you will not need to enter a password, yet you will still have a secure connection.
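The append step above fails if ~/.ssh does not exist yet, and sshd (with its default StrictModes setting) ignores an authorized_keys file that other users can write to. The shell function below is an added example, not part of the original article; the name install_pubkey and its arguments are hypothetical. It performs the same append with those cases handled and skips a key that is already present.

```shell
# Added example (not from the original article): server-side replacement for
#   cat ~/id_dsa.pub >>~/.ssh/authorized_keys
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper name)
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Catch the classic mistake of copying id_dsa instead of id_dsa.pub.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi

    # A public key file holds one line: "<type> <base64 blob> [comment]".
    key_line=$(grep -E '^(ssh-|ecdsa-)' "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key line in $pubkey_file" >&2; return 3; }

    # Create the directory and file if missing, then force owner-only modes
    # so that sshd's StrictModes check accepts them.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Compare on key type and blob only, so a changed comment does not
    # produce a duplicate entry when the step is repeated.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if grep -qF -- "$key_id" "$auth_file"; then
        echo "key already authorized"
        return 0
    fi

    printf '%s\n' "$key_line" >> "$auth_file"
    echo "key added"
}

# Usage on the server, after the scp step:
#   install_pubkey ~/id_dsa.pub && rm ~/id_dsa.pub
```

OpenSSH has since disabled DSA keys by default and later removed support for them, so on a current system generate the key with `-t ed25519` and pass the resulting .pub file instead.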
4 Responses to “Secure SSH, CVS, SCP without Password Prompt”
Hi, I know this is a rather old article, but I just found it on your “Top 10”.
I’d strongly recommend against using password-less private keys, as stealing the key also means stealing the ability to login to the other remote systems. I, for myself, use passwords for keys, and use tools like pageant (for PuTTY/Win32) and Gentoo Keychain. This allows me to have to just type in the key once per reboot. This is especially useful if you are using tools that depend on automatic login (like unison for instance).
Best regards,
Martin
Hi Capi! I don’t see much of a security problem here. When the private key is stolen, the server can easily revoke the access rights for that user.
Yes of course, you are right about this. Given you notice the theft. Ok, I agree, I am just a little bit over-cautious here (others may also call it paranoia).
Ah ha!

I’m coming a bit late to this party
Always wondered what was meant by keyed entry aka passwordless entry via ssh.
Thanx for the clue
I don’t do anything “mission critical” and the password request does get to be a nuisance at times. Now to figure out how to keep some keys on local fs and some keys on transient storage (aka usb Storage unit)