You are hereAvoiding Password Prompt When Using ssh

Avoiding Password Prompt When Using ssh


By steve - Posted on 11 May 2012

When creating scripts and automating contacts between systems, especially unix-based stuff, you often want things to be automatic without a password prompt. Your script will hang at the password prompt and you'll not be running your process like you want! This is really bad for a scheduled process and kind of annoying for a manual process. You'll get prompted for each command you run.

The solution is to use a private/public key on your systems so that ssh, scp, and related commands won't prompt for a password...

The private/public key pair works because the computer running the script has the private key and the computer you are connecting to has the public key.

To set this up, you need to:

  • Create your keys on the client computer (the one running the script).
  • Copy the public key to the remote computer (the one you are running the command on).
  • Put the public key in a common file where ssh looks for it automatically.
  • Test it.
  • ssh-keygen is used to generate that key pair on the client computer running the script.

    Using cygwin, do this and accept the defaults:

    \cygwin\bin\ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key 
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /whatever/id_rsa.
    Your public key has been saved in /whatever/id_rsa.pub.
    The key fingerprint is:
    f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 user@client
    The key's randomart image is:
    +--[ RSA 2048]----+
    |      o. + o+ .o+|
    |       ** *. * +.|
    |        .o .. . .|
    |         . .   oE|
    |        S E . o .|
    |         . . o + |
    |            o o .|
    |             .   |
    |                 |
    +-----------------+
    
    

    If you are running this on a unix system, the results will be similar.

    You run this once on your script-running computer for the user running the script. You can then use the file created for all the remote computers you will be connecting to.

    Copy the file to your remote system to the user's ssh directory that you will be connecting as. You don't have to have the same user id. You just need to know what user you'll be connecting as.

    This is all one line:

    \cygwin\bin\scp /home/myuser/.ssh/id_rsa.pub
     steve@11.11.15.15:/home/steve/.ssh/steve.laptop.pub
    

    (In this example, I will be prompted for my password and the copy then completes.)

    Now ssh to your remote system and append that file to your .ssh/authorized_keys file:

    cd /home/steve/.ssh
    cat steve.laptop.pub >> authorized_keys
    rm steve.laptop.pub
    

    To test it, go back to your script running client computer and try copying the file again:

    \cygwin\bin\scp /home/myuser/.ssh/id_rsa.pub
     steve@11.11.15.15:/home/steve/.ssh/steve.laptop.pub
    

    (In this example, I will NOT be prompted for my password and the copy then completes.)

    If the copy works, remote back into the other system and delete the public key file, since it isn't needed.

    At this point, you should be able to run scripts and call commands like ssh or scp and not be prompted for a password.

    If you need to change your private/public key pair, repeat the process. You need to remove the entry for the old key pair (using nano or some other editor) before appending a new public key to authorized_keys.

    Now all you need to do is copy the file to the other servers you access and you'll be able to access them as well. Don't regenerate the public key! Just re-use the one you have.

Did this help you? You can help me!


Did you find this information helpful? You can help me back by linking to this page, purchasing from my sponsors, or posting a comment!


+One me on Google:


Follow me on twitter: http://twitter.com/mojocode







Comments



Affiliation Badges