Sometimes you will need to create an account that does not ask for a password; this is usually done for network administration. Creating an account without a password is a severe security violation and opens your server up to attack. To get around this, create an account with a very strong password and then use public key authentication for logging in. If a user attempts to log in without the key, they will need to know the password. However, you can log in without a password by using the key pair. You can further increase your security by ONLY allowing a login with the keys, but that is for another post.

First we need to create the key pair:

[user@client:~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
5f:70:50:e8:81:14:bf:41:b7:fb:0d:be:75:b9:42:9f user@client.domain.com
The key's randomart image is:
+--[ RSA 2048]----+
|       .ooooo    |
|        .ooo .   |
|         .+.o    |
|          .= .   |
|        S . o .  |
|         . . + o.|
|          . . +.=|
|             . Eo|
|              o. |
+-----------------+

You will notice that no passphrase was given. Make sure that these keys are safe, because if an attacker gets hold of the private key (id_rsa), they can log in without a password.

Create the .ssh directory on the server for the user and append the public key to that user’s authorized_keys file.

[user@client:~]$ ssh user@server mkdir -p .ssh
user@server's password:
[user@client:~]$ ssh user@server chmod 700 .ssh
user@server's password:
[user@client:~]$ cat .ssh/id_rsa.pub | ssh user@server 'cat >> .ssh/authorized_keys'
user@server's password:
[user@client:~]$ ssh user@server chmod 600 .ssh/authorized_keys
user@server's password:

It is important that you set the .ssh directory to rwx for yourself and remove access from your group and the world (chmod 700). You must also set the authorized_keys file to rw for yourself and remove access from your group and the world (chmod 600). If the last command does not ask for a password, key-based login is already working, which means your authorized_keys file already had the correct permissions.
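
To check the permissions described above after the fact, here is an added example (not part of the original post) that audits a .ssh directory and reports anything still open to group or world. The function names are hypothetical, and it also checks id_rsa when present, assuming the default key file name from the ssh-keygen output.

```shell
#!/bin/sh
# Added example: audit the modes the post sets with chmod 700 / chmod 600.
# Function names are hypothetical; id_rsa is the default name from ssh-keygen.

# Print the group and other permission characters of a path, e.g. "r-xr-x".
group_other_bits() {
    ls -ldL "$1" | cut -c5-10
}

# audit_ssh_dir DIR
# Returns 0 when DIR and the key files in it are closed to group and world,
# 1 otherwise. Prints one line per finding.
audit_ssh_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    for p in "$dir" "$dir/authorized_keys" "$dir/id_rsa"; do
        [ -e "$p" ] || continue
        bits=$(group_other_bits "$p")
        if [ "$bits" != "------" ]; then
            echo "OPEN $p (group/other: $bits)"
            rc=1
        fi
    done
    return "$rc"
}

# fix_ssh_dir DIR
# Applies the modes used in the post: 700 on the directory, 600 on key files.
fix_ssh_dir() {
    dir=$1
    chmod 700 "$dir" || return 1
    for p in "$dir/authorized_keys" "$dir/id_rsa"; do
        if [ -e "$p" ]; then
            chmod 600 "$p" || return 1
        fi
    done
    return 0
}

# Usage, on the server or the client: audit_ssh_dir "$HOME/.ssh"
```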

Now you can log in to the server without using a password from this user’s account. If you attempt to log in to the server as this user from another machine, it will ask for a password.

UPDATE: Added notes about setting the proper permissions
