ssh remote server on some port other than 22 without password

Question

I am usually connecting to the remote server with

ssh user@server.com -p 11000

and then giving the password each time for user. How should I avoid entering the password each time I connect using ssh ?

score 24 · Accepted Answer · edited Apr 13 '17 at 12:36

First, put this in ~/.ssh/config:

Host server
HostName server.com
Port 11000
User user

You will be able to ssh server, then type the password.

Second, check in ~/.ssh/ to see if you have files named id_rsa and id_rsa.pub. If not, you don't have any key set up, so you have to generate a pair using ssh-keygen. You can give the keys a password or not. The generated file id_rsa.pub should look like this:

ssh-rsa lotsofrandomtext user@local

Third, ssh to the server, create the file ~/.ssh/authorized_keys if it doesn't exist. Then append the contents of the ~/.ssh/id_rsa.pub that you generated earlier here. This might mean copying the file contents to your clipboard, then opening ~/.ssh/authorized_keys in a text editor and pasting the thing.

Alternatively, use the command ssh-copy-id server (replace server with the name in ~/.ssh/config). This will do the same thing as above. At times I have seen ssh-copy-id getting stuck, so I don't really like it.

You should now be able to ssh with just ssh server, unless you have chosen to protect your private key with a passphrase. Generally if you don't use a passphrase, you should protect your private key by other means (e.g. full disk encryption).

Fourth (only needed if you protect your private key with a passphrase), put this in ~/.bashrc:

start_ssh_agent() {
    # Try to use an existing agent
    save=~/.ssh-agent
    if [[ -e "$save" ]]
    then
        . "$save" > /dev/null
    fi
    # No existing agent, start a new one
    if [[ -z "$SSH_AGENT_PID" || ! -e "/proc/$SSH_AGENT_PID" ]]
    then
        ssh-agent > "$save"
        . "$save" > /dev/null
        ssh-add
    fi
}
start_ssh_agent

With this, you will only need to enter the passphrase once per computer boot.

The 'narrative' should also include a discussion of how to avoid typing that pesky passphrase all the time. :-) ssh-agent and/or keychain are possibilities to consider. — Faheem Mitha, Mar 28 '11 at 16:18
Also, if your username on the remote host is not the same as your username on the local host, you can add a User user line to ~/.ssh/config. — cjm, Mar 28 '11 at 17:40
@Faheem That's nice, but I've never set up such thing so I don't think I'm in a position to instruct others about it :) — phunehehe, Mar 29 '11 at 01:35

score 7 · Answer 2 · answered Mar 28 '11 at 15:33

7

Turn to key-based authentication.

answered Mar 28 '11 at 15:33

9000

1,639

thank you for the suggestion . I had been looking at the forums but was having problem with the port(11000 instead of 22 ). With ssh -P 11000 I was able to copy with ssh . Many thanks. – Prabesh Shrestha Mar 28 '11 at 15:54

score 6 · Answer 3 · answered Mar 29 '11 at 17:32

As a supplement to phunehehe's answer, see the Gentoo Linux Keychain Guide for a guide to keychain. keychain also uses ssh-agent. The ssh-agent daemon makes the passphrase available (it becomes unavailable when the ssh-agent daemon dies) but keychain reuses an ssh-agent between logins, and optionally prompts for passphrases each time the user logs in, to quote the guide.

ssh remote server on some port other than 22 without password

3 Answers3

Linked