How to Set Up a Password-less SSH Login

May 25, 2012 - 15 Comments

Set up password-less SSH logins

Setting up passwordless SSH logins is a great way to speed up connections to regularly accessed remote Macs and unix boxes. Because OS X doesn’t include the ssh-copy-id command, you will have to use cat or scp to copy over your ssh key. This is how to set everything up, it only takes a minute or so.

First, on the local machine you will want to generate a secure SSH key:

ssh-keygen

Walk through the key generator and set a password, the key file by default goes into ~/.ssh/id_rsa

Next, you need to copy the generated key to the remote server you want to setup passwordless logins with, this is easily done with the following command string but you can use scp if you’d prefer:

cat ~/.ssh/id_dsa.pub | ssh user@remotehost 'cat >> ~/.ssh/authorized_keys'

This command takes the generated SSH key from the local machine, connects to the remote host via SSH, and then uses cat to append the key file to the remote users authorized key list. Because this connects with SSH to the remote machine you will need to enter the password to use this command.

Finally, confirm that you can now login to the remote SSH server without a password:

ssh user@remotehost.com

Assuming initial setup went as intended, you will connect to the remote machine without having to log in. You can shorten the connection steps even further by creating an alias in bash_profile so that you are only required to type a short command to immediately connect to the specified remote server.

There are some obvious potential security risks with using ssh without a password, the best way to mitigate that is to lock down the client machine with lock screens for screen savers and sleep and boot passwords, all of which you should be utilizing anyway.

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:

Related articles:

Posted by: William Pearson in Command Line, Mac OS X, Tips & Tricks

15 Comments

» Comments RSS Feed

  1. jeff says:

    so useful, and pretty simple… but for more info
    http://www.afp548.com/netboot/mactips/rsync.html

    from bombich, carbon copy cloner author.

  2. Mert Emin says:

    You have a typo here “cat ~/.ssh/id_dsa.pub”. Plus, for ones who get “stdin: is not a tty” message, please check this out http://webhostingneeds.com/Git_stdin_is_not_a_tty

  3. abubasim says:

    The authorized_keys file should not be accessible by everyone, while the ~/.ssh directory can have execute permission for everyone so anyone can collect your public key files (*.pub). Make sure the authorized_keys and private key files are well protected.

    So better add umask:

    cat ~/.ssh/id_dsa.pub | ssh user@remotehost ‘umask 066; cat >> ~/.ssh/authorized_keys’

  4. Lri says:

    The first step was to create an RSA key pair, but the second step currently has `cat ~/.ssh/id_dsa.pub`.

    If the remote host doesn’t already have an .ssh directory, this should create it and the authorized_keys file with the correct permissions:

    `cat ~/.ssh/id_rsa.pub | ssh user@host.com “umask 0077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys”`

    The first zero in `umask 0077` means that it’s an octal number. 077 means that all permissions should be subtracted from group and other. (So created folders will have 700 and files 600 permissions by default.)

  5. pencil says:

    brew install ssh-copy-id
    ssh-copy-id user@remotehost

  6. Moti says:

    +1 for ssh-copy-id …

  7. Jeff says:

    Will this only work if you are the same user on your mac as you are on the linux box?
    Can this be set up to log in as a different user?

  8. James says:

    This doesn’t work for me :-(
    I’m using Mountain Lion trying to connect to a Linux box (Linux cardiff 2.6.32.36-grsec)
    Any ideas guys?

    • Isabelle says:

      James, I use Mountain Lion and by default ssh-keygen generates an id_rsa.pub key instead of id_dsa.pub key.
      Just copy id_rsa.pub as described above and it should work.

  9. Karl says:

    I had to create a private key and leave it on my client to get it to work.
    ssh-keygen -b 1024 -t rsa -f id_rsa -P “”

  10. Leaman Crews says:

    Did not work for me. Actually, I used to set up this all the time in the early days of OS X and know the procedure by heart, but it seems to have stopped working for me some time around Leopard (10.5).

    I created the public key on my Mac Pro running 10.8.2, and the machine I copied the public key to (and would like to connect to without password) is a Mac Mini running 10.6.8. Could the Mountain Lion->Snow Leopard connection be a source of by problem?

    I also have a 15″ Retina MBP running 10.8.2 that I could test on, to see if I can get the two machines running 10.8.2 to see if they can connect without passwords.

  11. Worked great; thanks for concise instructions, including command-line detail.

  12. ben says:

    Love the ssh-copy-id if you have it. Otherwise got to watch the newlines and any other characters. Even still, there was one time (at band camp) where I was putting up a two-node SLES cluster on VM and to make life easier I wanted them to ssh/scp to each other without password.

    I tried multiple times (probably an hour) trying to copy/cat/sftp(then mv or cp) the file into the authorized_keys and it would not work!! It worked from node01 to node02 but not the other way around.

    After about an hour of frustration, I tried google, found out about the ssh-copy-id (new to me..) and it worked easily. Not sure what I ended up doing wrong, but nowadays if ssh-copy-id is available, I use it first.

  13. Chap says:

    The article starts out saying that, by default, the key file is written to ~/.ssh/id_rsa. Several lines further down it describes cat’ing ~/.ssh/id_dsa.pub. Is this an error, as several others have suggested? If so, I hope the author will make the correction.

Leave a Reply

 

Shop for Apple & Mac Deals on Amazon.com

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates