ssh login using DSA public keys, without typing password

cygwin-openssh

Sometimes it is desirable to establish a ssh connection (e.g. machine to machine) without (human typing) a password at the console.

For example, to automatically back up files from "Office" (using scp or rsync encrypted with ssh) to a Linux server at a remote data center.
(many business are required to have "off site" back-up of important data files in case of theft or fire damages).

At the office computer, pop a cygwin windows, generate a Private key and a corresponding Public key, (geeks call this a key pair)
when asked for location to store keys, just hit Enter, when asked for pass phrase, just hit Enter (means no pass phrase)
(you don't want a pass phrase to be associated with the keys so that you don't have to be there when the machine starts mid-night backups.)
The keys are now stored in a so called "hidden" directory at "~/.ssh"
The actual directory, if you install cygwin package in c:\cygwin, is c:\cygwin\home\currently_login-user\.ssh

ssh-keygen -t dsa
cd ~/.ssh
dir

You will see some files, id_dsa is your private key, id_dsa.pub is your public key

At the remote data center Linux serve, (assuming you have an account called "john"), create a .ssh directory.
If the .ssh directory already exists, it will give an error message "cannot create directory", that is OK.

At the office computer, pop a cygwin windows, copy your Public Key to the remote Linux server

cd ~/.ssh
scp id_dsa.pub john@remote_linux_server_ip_address:~/.ssh/newkey

At the remote data centre Linux server, add (technically speaking, append) the office's Public Key to a special key file called "authorized_keys"

login john
cd ~/.ssh
cat newkey
cat newkey >> authorized_keys
rm newkey
chmod 600 authorized_keys (or chmod 644 authorized_keys)
exit

At the office computer, pop a Cygwin windows,
ssh to the remote Data Center's Linux server, it should not ask for a password anymore.

ssh john@remote_linux_server_ip_address

As with any key scheme (like your car key, house key, bank key), you have to be very careful not to leak or loose the Private key
(i.e., ~/.ssh/id_dsa ) or else game over.
Geeks call this method of allowing access "authentication using public keys".

See this page on how to install openssh-cygwin on Windows 2000 and Windows XP.

It is also possible to duplicate this method for Putty (an excellent ssh client for Windows, freeware too).

-install notepad++ from http://notepad-plus.sourceforge.net/
-invoke PUTTYGEN and generate a pair of DSA keys.
-cut and paste the public key into notepad++ and save it as "newkey". Make sure there is a LF at the end of file.
-invoke putty, in the ssh-Auth section, tell putty where the private key is. (and save the session)
-transport the "newkey" to the ssh server's /root/.ssh/ directory, then cat newkey >> authorized_keys

After you tested out thoroughly ssh login with public keys, you may want to disable password login completely:
edit /etc/ssh/sshd_config
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Disclaimer

Last revised: December 07, 2008