Thread: ssh: safe auto login

hi,

my first tut here and i hope you like it :001_smile:
of course for some it's not new but maybe it can help someone so here we go ...


annoyed by having to enter your password everytime you log into your dedicated server or seedbox or whatelse via ssh? there's a safe and quick solution. the first steps have to be done on your box at home.
so at first the


Home Part:

depending on which ssh app you have it can be different but let's go with the commonly used opensource version openssh for now. (putty has some helper apps for that, read at the end).



now let's get to it. open the command prompt or cygwin (depends on what you have) and execute:

Code:

ssh-keygen

when it's asking for a password just hit enter. you can also choose the location of the files to be generated or just accept the defaults. go to the folder where the new files have been created and open the public file. it might have been named "id_rsa.pub". be sure to open it with a good texteditor e.g. NOT wordpad.
copy the whole content.


now the Server Part:

login to your server and enter the following:

Code:

cd .ssh
cat >> authorized_keys

now the command line is waiting for your input what would be the content of the public key file you copied already so just paste that in. then to get back to the 'normal' command line hit CTRL+D. Now there's only one more step to do:

Code:

chmod 600 authorized_keys

for cygwin or other terminals that might be enough so try it out by logging out and back in. you should get in just like that. no password anymore and even safer than a normal password because your generated personal and unique key is used.


For Putty:

to make it work for putty and maybe other ssh apps you have to run some kind of public key server named Pageant. it's on the putty download site. they also have an app to generate the keys if you don't feel like using the terminal called PuTTYgen.
the usage of Pageant is easy. just fire it up, point it to your public key file and let it run in the backgrund. as long as it's running they key can even be used in the normal windows command prompt or other gui apps.


this guide works on any unix like os and under cygwin or similar apps on windows. actually all you need is a unix terminal and off you go

if you have any questions post them here so everyone can benefit from the solution.

Good tutorial. I do this a little differently, but this works just as good. In my opinion this is one of the first things users should do when getting a server or seedbox. The other would be changing the ssh port from 22 to something else. With these two options your server is that much safer then the normal login. I log my firewall connections on my dedi and u would be suprised at how many connection attempts on port 22 i get. At least 25 a day.

Originally Posted by MikeD

Good tutorial. I do this a little differently, but this works just as good. In my opinion this is one of the first things users should do when getting a server or seedbox. The other would be changing the ssh port from 22 to something else. With these two options your server is that much safer then the normal login. I log my firewall connections on my dedi and u would be suprised at how many connection attempts on port 22 i get. At least 25 a day.

changing ports would be the next guide :001_smile:

however portscanners can identify the service no matter which port ...

Yeah thats definitely true and there is no getting around that. Thats why u should always take the necessary steps in protecting yourself as it limits the chances. I even use a different ftp port then the default and also connect through a tunnel with vnc. Like i mentioned in my other post, this is a great tutorial and should be one of the first things a user does when they get a new server or seedbox. Thanks.