SSH login without password - why would you want it?
Setting up passwordless SSH login from machine LOCAL to machine REMOTE using keys carries many benefits. It can enable you to transfer files safely between these machines even from shell scripts without the need to enter passwords. It can enable you to open an SSH terminal on the remote machine using a simple keyboard shortcut. It can enable you to mount any accessible folder on the remote machine to a folder on the local machine and access it as a network mount.
But there are also some drawbacks. If anyone gains access to machine LOCAL machine REMOTE is compromised as well, thus reducing the security of the overall network setup. So you have been warned. Now let's go and set this thing up.
Setting up SSH key authentication
First log in on machine LOCAL as user YOU and generate a pair of authentication keys. Leave an empty passphrase:
YOU@LOCAL# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/YOU/.ssh/id_rsa):
Created directory '/home/YOU/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/YOU/.ssh/id_rsa.
Your public key has been saved in /home/YOU/.ssh/id_rsa.pub.
The key fingerprint is:
Once the keys have been created all you need to do to enable passwordless SSH login on the REMOTE machine is to append the just generated public key to the authorized_keys on the REMOTE machine.
YOU@LOCAL# ssh-copy-id -i YOU@REMOTE
In case this does not work for you you can try the manual way:
YOU@LOCAL# cat .ssh/id_rsa.pub | ssh YOU@REMOTE 'cat >> ~/.ssh/authorized_keys'
After this step you have completed the setup of passwordless SSH authentication using SSH keys. You can try to login to the REMOTE machine, there should be no password prompt.
YOU@LOCAL# ssh YOU@REMOTE
Some ways to use passwordless SSH login
Once the passwordless login has been setup you can use it in various way. One of the way I use it very commonly is to open a terminal on the REMOTE machine using a keyboard shortcut without the password prompt. In KDE this is very simple to setup.
KDE Menu Editor is started by right clicking the K menu and selecting 'Menu Editor' item
In the 'KDE Menu Editor' you can setup new SSH terminal shortcuts by choosing Debian->XShells->New Item (from toolbar)
Once the new item has been created you can set it up according to the following example:
Name: 'Eterm REMOTE'
Description: 'SSH connection to REMOTE in Eterm'
Command: '/usr/bin/Eterm -T "Window title" -f "#bdbdff" -g 100x55 -e ssh YOU@REMOTE -p YOURSSHPORT'
Now you just need to setup the shortcut. You can do this by clicking the button in the lower right and then pressing the desired shortcut. I used 'Winkey+A' (at least some usage for the Windows key on my machine).
Now you can simply press Winkey+A and you should be presented with a shell on the REMOTE machine. In my real life practical usage, I use this to connect to my production server. In order to increase security, password logins are disabled on the production server, and I changed the colors and title of the terminal to avoid mistaking shell on the production server with shell on my desktop machine. So, now, the only way to login is the passwordless SSH authentication using SSH keys. This completely prevents any type of brute force login attacks.
SCP will not ask for passwords anymore either
Since SCP uses SSH for it's task it will not prompt you for passwords either so now you can use it even from unattended shell scripts.
YOU@LOCAL# scp file.txt YOU@REMOTE:~/
You can setup SSHFS really easy now
SSHFS is a nice way to have your SSH accounts mounted to your local machine and use those remote file systems as if they were on your local machine. It enables you to, for example, edit images that are located on your web server using GIMP without any copying or wasting time. Once the passwordless SSH login has been established between two machines all you need to do to mount the remote machine file system to local machine using SSHFS is the following:
sshfs email@example.com:/remote/path/ /local/path/ -o gid=33,uid=1000,reconnect -p 64811
-o gid=33,uid=1000 - maps remote users group and user id to a local group and user id
-p 64811 - is the remote sshd port
I use this setup daily to access files on my dedicated web server machine and I would refuse to do any development job without it.