Big Data

Lab preparation - Configure SSH for passwordless login

Follow these instructions to create an SSH configuration that will enable you to log in from your local machine to a remote machine without having to enter a password. This assumes you have Linux or Mac OS X.

Create personal SSH configuration directory

Check whether you have a directory named .ssh in your home directory. If not, create it:

mkdir ~/.ssh

The permissions of this directory have to block access for everybody except you. If not, SSH will refuse to work. Set the permissions using the following command:

chmod og-rwx ~/.ssh

If you display the permissions with the command ls -ld ~/.ssh you should see rwx followed by 6 dashes ------, like the following:

drwx------+ 21 marcel.graf  staff  714 Jul  1 16:43 .ssh/

Create a public/private key pair

Run the following command to create a public/private key pair.

ssh-keygen -t rsa -b 2048

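Respond to all prompts by entering nothing and just hitting Enter. An empty passphrase means the private key is stored unencrypted, so the file permissions are the only thing protecting it. This will write the keys to the directory ~/.ssh: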

Enable a remote host for passwordless login

In this step you will log in to the remote host using a password, and then configure SSH for passwordless login.

Log into the remote host:

ssh remotehost

If this is the first time you connect to this host with SSH you should see a warning message similar to the following:

The authenticity of host 'remotehost (193.134.216.182)' can't be established.
RSA key fingerprint is 0c:a1:f2:e9:a3:7d:31:76:4d:83:0c:37:a1:a9:04:f8.
Are you sure you want to continue connecting (yes/no)?

This message is meant to protect you from man-in-the-middle attacks. (It is normal that this message appears the first time you connect to a host. If it appears afterwards, something is fishy.) Respond with yes.

When prompted, enter your password.

After you have logged in, create a directory ~/.ssh and set its permissions to rwx------.

mkdir ~/.ssh
chmod go-rwx ~/.ssh

In the ~/.ssh directory create an empty file authorized_keys and set its permissions to rw-------:

touch ~/.ssh/authorized_keys
chmod go-rwx ~/.ssh/authorized_keys

Open the file authorized_keys in an editor and add a new line containing the content of your public key file id_rsa.pub from your local machine. (The line will be very long and wrap around in the editor several times.) You can use the clipboard to copy/paste it into the terminal window. Only the public key goes here; the private key file id_rsa never leaves your local machine.

If you don't have an editor you can also use the cat command to append a line to the file:

cat >> ~/.ssh/authorized_keys

The command will wait for you to type a line. Copy/paste the content of the public key file into the terminal window, hit Enter, and then press Ctrl-D to end the input.
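
The remote-host steps above (create ~/.ssh, create authorized_keys, restrict permissions, append the public key) as one repeatable shell function. This is an added example, not part of the original lab sheet; the names install_pubkey and perms_private are hypothetical, and it assumes the public key file has already been copied to the remote host.

```sh
#!/bin/sh
# Added example; install_pubkey and perms_private are hypothetical names.

# True only if group and others have no access: characters 5-10 of the
# `ls -ld` mode string must be "------" (a trailing "+" is ignored).
perms_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# install_pubkey PUBKEY_FILE [HOME_DIR]
# Adds the key to HOME_DIR/.ssh/authorized_keys unless it is already there.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Accept only a one-line public key; reject a private key given by mistake.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 2; }
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    key=$(grep . "$pub")

    # Same commands as in the steps above; safe to repeat.
    mkdir -p "$dir" && chmod go-rwx "$dir" || return 1
    touch "$auth" && chmod go-rwx "$auth" || return 1

    # -x matches the whole line, -F takes the key literally.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi

    # Report failure if the permissions are looser than the steps above require.
    perms_private "$dir" && perms_private "$auth"
}
```

Running it a second time with the same key leaves authorized_keys unchanged, so it is safe to rerun while troubleshooting.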

Test that SSH works properly

Run the following command to log in to the remote host:

ssh remotehost

You should immediately see the command line prompt of the remote host.

Troubleshooting

If SSH is still asking you for your password:

If you get the message "WARNING: UNPROTECTED PRIVATE KEY FILE!", verify on the local host that the permissions of the private key file id_rsa are rw-------.