[UPD:2020-10-16] Passwordless SSH login & filesystem mount (HOWTO)

[UPD:2020-10-16] Passwordless SSH login & filesystem mount (HOWTO)

Once you have set up your ssh keys on the remote host (the server), and also on the local client (your PC), you can connect without (necessarily) having to input a password. To make this secure, the 2 connecting machines need to establish that you’re an OK person on both sides by exchanging keys which are setup in advance (by you and/or your sysadmin).

  • You need to ensure you’re at the right server
    • via ~/.ssh/known_hosts
  • The server needs to establish that you’re allowed in
    • via ~/.ssh/authorised_keys

SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. If this is the case, you might get chucked out even though everything looks like it is OK.


example:
remote server

  • IP address: 192.168.1.111
  • username: USER001
  • sshd running on (non-standard) port 11122
  • RSA 2048 keys (You should have this info (from the server/sysadmin) to verify/ensure that you’re connecting to the right place. If they don’t match – something is WRONG!)
    • MD5:24:06:00:35:00:68:32:19:39:bf:f9:5a:a3:19:a8:b8
    • SHA256:M6119PDXRT4isH8BmRWZzsVPd3qsdzEZBEonV24f24U

At the intended server console, logged in as root or a sudo privileged user….


Now… at YOUR workstation…[You should have your system set up for PKIs already (ie. you SHOULD have ~/.ssh/id_rsa.pub on YOUR system) or this entire process will fail].


The shell prompt should look something like this
USER001@192.168.1.111:~$

which means (roughly)
username
@(remote) hostname/IP
:current subdir (/home/USER001 in this case – verify by typing “pwd”)
$privilege ($ is normal, # indicates root – it is UNWISE (to say the very least) to login as root directly)


Secure FileSystem mount:
IF you’re on a LAN, and/or speed is not a major issue, you can also mount the remote filesystem (“locally”) via SSH to make file copying/viewing/editing easier (using sshfs). Obviously you need to have appropriate permissions to see/edit the files.

Leave a Reply

Your email address will not be published.

twenty − seven =