Overview
This article walks through configuring your website user's SSH connection to your DreamHost server so you will no longer have to enter your password.
Background
Once you set up a shell user and try to log in via SSH, you'll find you must enter your password each time. If you’d like to avoid entering your password every time, you can set up Passwordless Login. This way, you'll be able to automatically log in immediately without needing to enter your password.
How to configure passwordless login
The following instructions configure Passwordless Login for any Unix, Linux, OSX, or Cygwin machine.
In this article, username@server.dreamhost.com is used as the login example.
- Make sure to replace username with your actual shell username.
- Make sure to replace the servername with your DreamHost servername.
Additionally, you can use the default key name of id_ed25519 or create a custom key name. Make sure you use the key name you choose in Step #3 throughout the remaining steps.
Configuring a shell user
See this article for instructions on changing your website user to an SSH (shell user) in your panel. This is required to run the SSH commands in this article.
Creating the .ssh directory on your server (DreamHost server)
This step confirms whether the .ssh directory already exists on your DreamHost server. The directory is needed to copy your local SSH key to your server.
Log into your server via SSH and run the following commands to confirm the ~/.ssh directory exists under your username.
[server]$ cd ~
[server]$ ls -la | grep .ssh
- If you see the .ssh directory listed, proceed with the next step.
- If you do not see it, run the following command to create this directory:
[server]$ mkdir ~/.ssh
Generating the key pair (home computer)
On your home computer:
- Open an SSH terminal.
- Generate an ed25519 key pair using ssh-keygen under your username:
[local]$ ssh-keygen -t ed25519
Generating a public/private ed25519 key pair.
Enter the file in which you wish to save the key (i.e., /Users/username/.ssh/id_ed25519):
Custom key name
If you press Enter, the key will be created with the default name of id_ed25519.
You can name this anything you like, but if you choose a custom name, you'll need to let your SSH client know about the new key name in Step #6 below. Also, if you choose to use a custom name, make sure to specify the full path to your user's .ssh directory. If you do not, the new key pair is created in the directory where you're running the command. For example:
[local]$ ssh-keygen -t ed25519
Generating a public/private ed25519 key pair.
Enter the file in which you wish to save the key (i.e., /Users/username/.ssh/id_ed25519): /Users/username/.ssh/customkey_ed25519
- Proceed through the prompts that appear.
Enter a passphrase (leave empty for no passphrase).
You do not need to enter a passphrase, but it's highly recommended because it protects your private key if the key file is compromised: someone who obtains the file would still need your passphrase in order to unlock it. The exception to this is if you're running an automated process such as a cron job. You should then leave the passphrase out. From ssh-copy-id:
- "Generally all keys used for interactive access should have a passphrase. Keys without a passphrase are useful for fully automated processes."
- Press Enter to continue.
Enter same passphrase again:
- Press Enter to continue.
- The following message appears:
Your identification has been saved in /Users/username/.ssh/custom_ed25519
Your public key has been saved in /Users/username/.ssh/custom_ed25519.pub
The key fingerprint is:
SHA256:7pNvrznUREXWY2r1otEwUWo40aKfZDFsUVDac3YuzrI
The key's randomart image is:
+--[ED25519 256]--+
| o+*+=|
| X..o|
| @.= +|
| o #.* |
| Q o @oB o|
| . *.C.+ |
| ..S.+ |
| .o . .o |
| .+..+. |
+----[SHA256]-----+
Copying the public key to your DreamHost server (home computer)
- Run the following command to copy the public key on your local computer to DreamHost's server.
[local]$ cat ~/.ssh/id_ed25519.pub | ssh username@server.dreamhost.com "cat >> ~/.ssh/authorized_keys"
The authenticity of host 'server.dreamhost.com' can't be established.
ED25519 key fingerprint is SHA256:dhw3mJELPEz0i5Hzu/9lJR9FiJkK5EtiiPKAw/0zwuU.
Are you sure you want to continue connecting (yes/no)? yes
- Confirm that the fingerprint shown matches the one listed in your panel on the SSH Keys page.
- Type out the word yes to continue.
- Enter your SSH user's password when prompted.
The command above appends your public key to the authorized_keys file under your DreamHost user in the ~/.ssh directory, creating the file if it does not already exist.
Update the directory and file permissions (DreamHost server)
You must now update the permissions for the .ssh directory and authorized_keys file to further secure your keys.
Log into your server via SSH and run the following commands:
[server]$ chmod 700 ~/.ssh
[server]$ chmod 600 ~/.ssh/authorized_keys
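The three server-side steps above (creating ~/.ssh, appending the public key, tightening permissions) can be combined into one helper that is safe to run repeatedly. This is an added example, not DreamHost's own script; install_pubkey and perm_of are hypothetical names, and the key in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: idempotent server-side key install (hypothetical helper names).
# Usage: install_pubkey "$HOME/.ssh" "ssh-ed25519 <base64-key> <comment>"

# Print the octal mode of a path (GNU stat first, then BSD/macOS stat).
perm_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    ssh_dir=$1
    pubkey=$2
    auth="$ssh_dir/authorized_keys"

    # Accept only a single-line ed25519 public key.
    case $pubkey in
        *"
"*) echo "refusing multi-line input" >&2; exit 1 ;;
        "ssh-ed25519 AAAA"*) ;;
        *) echo "not an ed25519 public key" >&2; exit 1 ;;
    esac

    # Refuse to write through a symlinked authorized_keys file.
    if [ -L "$auth" ]; then
        echo "$auth is a symlink" >&2
        exit 1
    fi

    umask 077                       # new files are owner-only from the start
    mkdir -p "$ssh_dir" || exit 1
    touch "$auth" || exit 1

    # If the file lacks a trailing newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi

    # Append only when this exact line is not already present.
    if ! grep -qxF -- "$pubkey" "$auth"; then
        printf '%s\n' "$pubkey" >> "$auth" || exit 1
    fi

    # Enforce the modes from this step even if the files already existed.
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
)
```

Running it a second time with the same key leaves authorized_keys unchanged and resets any loosened permissions back to 700 and 600.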
Adding your custom key to your ssh client (home computer)
This step is only necessary if you give your key a custom name in Step #3.1 above. You must then let your SSH client know what the new name is using ssh-agent.
- Run the following command to start ssh-agent. Make sure you use the backquote ` character and not a single quote – this backquote character is usually on the top left of your keyboard on the tilde ~ key:
[local]$ eval `ssh-agent`
- Run the following command to add your custom key.
[local]$ ssh-add ~/.ssh/customkey_ed25519
Identity added: /Users/username/.ssh/customkey_ed25519
- Confirm it's been added by running the following. It will respond with your private key's fingerprint.
[local]$ ssh-add -l
256 SHA256:7pNvrznUREXWY2r1otEwUWo40aKfZDFsUVDac3YuzrI (ED25519)
- Confirm that fingerprint by generating a fingerprint from your custom key's public file.
[local]$ ssh-keygen -l -f ~/.ssh/customkey_ed25519.pub
256 SHA256:7pNvrznUREXWY2r1otEwUWo40aKfZDFsUVDac3YuzrI (ED25519)
Confirming the SSH connection (DreamHost server)
If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Try logging in again.
[server]$ ssh username@server.dreamhost.com
You should now be able to log in without using a password.
Specifying a key pair for SSH to use
By default, your client will use the identity (private key) named id_ed25519. However, if you've created more than one key, you can specify which one to use when connecting using the -i flag. For example:
[server]$ ssh -i ~/.ssh/customkey_ed25519 username@server.dreamhost.com