Use ssh to remote login without entering a password
1. Determine your protocol:
% ssh -V
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
2. Select the type of key:
- A RSA key for use with the SSH 1 protocol.
- A RSA key for use with the SSH 2 protocol.
- A DSA key for use with the SSH 2 protocol.
(The rest of these notes assume a RSA key for SSH 2 protocol. RSH keys are reportedly stronger)
3. Use ssh-keygen to generate a key:
% ssh-keygen -t rsa
Follow prompts, but enter an empty passphrase. You can add an passphrase if you want, but you will have to enter a password every time you ssh, and this defeats the purpose of this exercise. This will generate a private key:
~/.ssh/id_rsa
and a public key:
~/.ssh/id_rsa.pub
4. Copy the public key to the remote host and store this in:
~/.ssh/authorized_keys.
(this will be the last time you have to enter a password)
5. Test it:
% ssh user_name@DisplayMachineName.local
you shouldn't need to enter a password.
Remote login without a static IP address
You have to log onto your router and enable port forwarding.
Assign your computer a static internal (i.e. 192) IP, and then port
forward any incoming traffic on port 22 to that IP. With ADSL
you cannot route to a 192 IP directly. It is a non-routable IP
(from the web - i.e. not a public IP) hence why it provides a home
system with an added layer of protection. Anyone wishing to get to it
from the Internet MUST first go through the router in front of it
which has your public IP assigned by the ISP.
If you have a static IP then use that.
If not then use a service such as DYNDNS
http://www.dyndns.com/services/
to get one of their domain names
(i.e. whatever.homemac.com) and configure your router to update
DYNDNS whenever your IP changes. If your router cannot do that, there
are some Mac? tools that will do it (DYNDNS will suggest some).
This way you ssh to user whatever homemac.com (putting in the
appropriate username and domain name of course).
The other consideration will be to disable root login (so someone can't ssh as
root and get su control of your box - note this appears to be case
sensitive. I had "No" in my config file and it wouldn't accept it,
had to be "no"), and even consider using a key instead of a password
challenge (best to have the key on a thumb drive that you keep with
you instead of putting it on your office computer for anyone to
copy/use). But I wouldn't worry about that one right away. Get it to
work as normal password login first. Then check out openssh
documention on the web to figure out how to tweak it.
Comments (0)
You don't have permission to comment on this page.