As we discussed earlier in our basic ssh client commands article, when you do ssh to a machine for the 1st time (or whenever there is a key change in the remote machine), you will be prompted to say ‘yes’ for authenticity of host.
When you have the password-less login enabled, you may be either using SSH to execute command in the batch mode on a remote machine or using SCP to copy files from/to the remote machine.
If there are some issues with the password less login, your batch program may end up in a loop or timeout.
In this article, let us review how instruct ssh/scp to do the operation only if you can do without waiting for password.
You can login to a remote Linux server without entering password in 3 simple steps using ssky-keygen and ssh-copy-id as explained in this article.
ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.
This article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.
In our previous articles, we discussed how to setup ssh key based authentication to perform ssh and scp without password under the following three scenarios:
In this article, I’ll explain how to perform ssh and scp from SSH2 (local-host) to OpenSSH (remote-host) with no password.
The previous articles (openSSH to openSSH setup, SSH2 to SSH2 setup) explains about how to setup key based authentication on the same version of ssh to perform ssh and scp without entering password. This article explains how to setup SSH key based authentication between different version of SSH (from openSSH to SSH2) to perform ssh and scp without entering password.
While performing ssh from a local-host to a remote-host that are on different versions of ssh, it is possible that you may get “Algorithm negotiation failed” message. In this post, I’ll explain how to resolve this issue from the ssh client.
1. Unable to ssh to remote-host: In this example, when trying to perform ssh from local-host to remote-host, we get the “Algorithm negotiation failed” error message as shown below. Please note that the local-host is running ssh2 client.
I explained previously how to Perform SSH and SCP without entering password on openSSH. In this article, I’ll explain how to setup the key based authentication on SSH2 and perform SSH/SCP without entering password using the following 10 steps.
1. Verify that the local-host and remote-host are running SSH2. Please note that ssh and scp is a symbolic link to ssh2 and scp2 respectively as shown below.
[local-host]$ ls -l /usr/local/bin/ssh /usr/local/bin/scp lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/scp -> scp2 lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2 [local-host]$ ssh -V ssh: SSH Secure Shell 188.8.131.52 (non-commercial version) on i686-pc-linux-gnu [remote-host]$ ls -l /usr/local/bin/ssh /usr/local/bin/scp lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/scp -> scp2 lrwxrwxrwx 1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2 [remote-host]$ ssh -V ssh: SSH Secure Shell 184.108.40.206 (non-commercial version) on i686-pc-linux-gnu
In this article, I’ll explain how to perform ssh and scp without entering the password using the SSH Public Key authentication with SSH Agent on openSSH
There are two levels of security in the SSH key based authentication. In order for you to login, you need both the private key and the passphrase. Even if one of them is compromised, attacker still cannot login to your account, as both of them are needed to login. This is far better than typical password based authentication, where if the password is compromised, attacker can gain access to the system.
There are two ways to perform ssh and scp without entering the password:
- No passphrase. While creating key pair, leave the passphrase empty. Use this option for the automated batch processing. for e.g. if you are running a cron job to copy files between machines this is suitable option.
- Use passphrase and SSH Agent. If you are using ssh and scp interactively from the command-line and you don’t want to use the password everytime you perform ssh or scp, I don’t recommend the previous option (no passphrase), as you’ve eliminated one level of security in the ssh key based authentication. Instead, use the passphrase while creating the key pair and use SSH Agent to perform ssh and scp without having to enter the password everytime as explained in the steps below.
Following 8 steps explains how to perform SSH and SCP from local-host to a remote-host without entering the password on openSSH system