
cygwin-openssh

Sometimes it is desirable to establish an ssh connection (e.g. machine to machine) without a human typing a password at the console.

For example, to automatically back up files from "Office" (using scp or rsync encrypted with ssh) to a Linux server at a remote data center.
(Many businesses are required to have "off site" backups of important data files in case of theft or fire damage.)

Note: If you use PuTTY and the remote Linux server already has a public key, you can follow this link to import the Linux ssh public key into PuTTY.
http://linux-sxs.org/networking/openssh.putty.html  Thanks to Matthew Galbraith for his suggestion.

At the office computer, open a Cygwin window and generate a private key and a corresponding public key (geeks call this a key pair).
When asked for a location to store the keys, just hit Enter; when asked for a pass phrase, just hit Enter (this means no pass phrase).
(You don't want a pass phrase associated with the keys, so that you don't have to be there when the machine starts midnight backups.)
The keys are now stored in a so-called "hidden" directory at "~/.ssh".
The actual directory, if you installed the Cygwin package in c:\cygwin, is c:\cygwin\home\currently_login-user\.ssh

ssh-keygen  -t  dsa
cd   ~/.ssh
dir

You will see some files: id_dsa is your private key, and id_dsa.pub is your public key.

At the remote data center Linux server (assuming you have an account called "john"), create a .ssh directory.
If the .ssh directory already exists, you will get the error message "cannot create directory"; that is OK.

login john
mkdir .ssh
exit

 

At the office computer, open a Cygwin window and copy your public key to the remote Linux server:

cd   ~/.ssh
scp    id_dsa.pub    john@remote_linux_server_ip_address:~/.ssh/newkey

 

At the remote data center Linux server, add (technically speaking, append) the office's public key to a special key file called "authorized_keys":

login  john
cd   ~/.ssh
cat   newkey
cat   newkey >> authorized_keys
rm   newkey
chmod  600  authorized_keys  
(or chmod 644 authorized_keys)
exit

 

At the office computer, open a Cygwin window and
ssh to the remote data center's Linux server; it should not ask for a password anymore.

ssh    john@remote_linux_server_ip_address

 
As with any key scheme (like your car key, house key, bank key), you have to be very careful not to leak or lose the private key
(i.e., ~/.ssh/id_dsa), or else game over.
Geeks call this method of allowing access "authentication using public keys".
We are talking about real geeks, not the Halloween costumes, dress up kind, fake glasses etc.
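
Because the key pair above has no pass phrase, it helps to limit what the server will accept from it. The following is an added example, not part of the original page: a server-side shell function that appends newkey to authorized_keys only once, rejects a file that is not a single public key line, and prefixes the entry with from= and no-forwarding options. The function name install_key and the address 203.0.113.10 (a documentation address standing in for the office's public IP) are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page). Server-side replacement for
# "cat newkey >> authorized_keys" that is safe to run more than once.
# install_key is a hypothetical name; usage:
#   install_key PUBKEY_FILE SSH_DIR FROM_PATTERN
install_key() {
    pub=$1; dir=$2; from=$3
    auth="$dir/authorized_keys"

    # A public key file holds exactly one non-empty line; a private key
    # uploaded by mistake has many and is rejected here.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    line=$(grep . "$pub")

    # Accept only known public key types. ssh-dss is listed because this page
    # uses DSA; OpenSSH 7.0 and later disable ssh-dss keys by default.
    case $line in
        ssh-dss\ AAAA*|ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), keys in files or directories
    # writable by other users are ignored, so keep both private to the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on the base64 key blob (field 2) so a second run adds nothing.
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi

    # from= limits the source address; the no-* options turn off forwarding
    # features a backup job (scp or rsync) does not need.
    printf 'from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$from" "$line" >> "$auth"
}

# Example call on the server, with a constructed office address:
#   install_key ~/.ssh/newkey ~/.ssh 203.0.113.10
```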

See this page on how to install openssh-cygwin on Windows 2000 and Windows XP.

It is also possible to duplicate this method for PuTTY (an excellent ssh client for Windows, freeware).

- Install Notepad++ from http://notepad-plus.sourceforge.net/
- Invoke PUTTYGEN and generate a pair of DSA keys.
- Cut and paste the public key into Notepad++ and save it as "newkey". Make sure there is a LF at the end of the file.
- Invoke PuTTY; in the ssh-Auth section, tell PuTTY where the private key is (and save the session).
- Transport "newkey" to the ssh server's /root/.ssh/ directory, then cat newkey >> authorized_keys

After you have thoroughly tested ssh login with public keys, you may want to disable password login completely.
Edit /etc/ssh/sshd_config and set:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no


© 2006-2011 Nicholas Fong

Last revised:  July 13, 2011