Overview
Once you set up a shell user and try to log in via SSH, you'll find you must enter your password each time. If you’d like to avoid entering your password every time, you can set up Passwordless Login. This way, you'll be able to automatically login each time immediately without needing to enter your password.
In this article, 'username@server.dreamhost.com' is used as the login example.
- Make sure to replace username with your actual shell username.
- Make sure to replace the servername with your DreamHost servername.
The following are instructions on how to set up Passwordless Login for any Unix, Linux, OSX, or Cygwin machine.
These instructions can also be used to create and assign SSH keys to an admin/root user on a Dedicated Server.
Step 1 — Generating the key pair
On your home computer:
- Generate an RSA private key using ssh-keygen (unless you have already created one).
- If you’re using Linux or Mac OS X, open your terminal and run the following command under your username:
[local]$ ssh-keygen -t rsa
- This creates a public/private keypair of the type (-t) rsa.
Generating a public/private rsa key pair. Enter the file in which you wish to save they key (i.e., /home/username/.ssh/id_rsa).
If you click 'Enter', the key will be created with the default name of 'id_rsa'. You can name this anything you like, but if you choose a custom name, you'll need to let your SSH client know about the new key name. View Step #3 below for details.
Also, if you choose to use a custom name, make sure to specify the full path to your user's .ssh directory. If you do not, the new key pair is created in the directory you're running the command.
- Once the keypair is created, you are prompted to enter the following items.
- Click Enter on your keyboard to continue.
Enter a passphrase (leave empty for no passphrase).
You do not need to enter a passphrase, but it's highly recommended as it protects your private key if compromised. If so, someone would still need your passphrase in order to unlock it.
The exception to this is if you're running an automated process such as as cron job. You should then leave the password out. From ssh-copy-id:
- "Generally all keys used for interactive access should have a passphrase. Keys without a passphrase are useful for fully automated processes."
- Click Enter on your keyboard to continue.
Enter same passphrase again:
- Click Enter on your keyboard to continue.
- When finished, click Enter on your keyboard.
- The following message appears:
Your identification has been saved in /home/username/.ssh/id_rsa Your public key has been saved in /home/username/.ssh/id_rsa.pub The key fingerprint is: ar:bc:d3:9e:g3:1f:63:6f:6b:32:2e:97:ee:42:e1:be username@server.dreamhost.com The key’s randomart image is: +--[ RSA 2048]----+ | ..+**B.o++o | | . o+==o. o | | . .oo.= | | . +E+ . | | S . | | | | | | | | | +-----------------+
Step 2 — Copying the public key you just created on your home computer to your DreamHost server
Linux
When using Linux you have two options. You can use ssh-copy-id or the instructions below for Mac OS X. Both work to copy the local public key to your DreamHost server.
- Copy the public key on your local computer to DreamHost's server by running the following command on your Linux machine.
[local]$ ssh-copy-id -i ~/.ssh/id_rsa.pub username@server.dreamhost.com
If you get the error message "Too many arguments" make sure to check the command. The -i flag must be used.
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed == if you are prompted now it is to install the new keys username@server.dreamhost.com's password:
- Enter your password and you'll see the following:
Number of key(s) added: 1
Now try logging into the machine, with: ssh username@server.dreamhost.com and check to make sure that only the key(s) you wanted were added.
Mac OS X command
- Run the following command to copy the public key on your local computer to DreamHost's server.
[local]$ cat ~/.ssh/id_rsa.pub | ssh username@server.dreamhost.com "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"
- This command assumes you do NOT already have an /.ssh directory under your DreamHost username. This command creates the /.ssh directory for you on your DreamHost server.
- If you already have an /.ssh directory on your web server, just remove the mkdir ~/.ssh; section, while keeping the double quotes. For example, it will look like this:
[local]$ cat ~/.ssh/id_rsa.pub | ssh username@server.dreamhost.com "cat >> ~/.ssh/authorized_keys"
The authenticity of host 'server.dreamhost.com (208.113.136.55)' can't be established. RSA key fingerprint is 50:46:95:5f:27:c9:fc:f5:f5:32:d4:3a:e9:cb:4f:9f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'server.dreamhost.com,208.113.136.55' (RSA) to the list of known hosts. username@server.dreamhost.com's password:
- Confirm the fingerprint in your panel on the SSH Keys page.
- Enter 'yes' to continue.
- Enter your ssh username password when prompted.
The commands above create a new folder under your DreamHost user named /.ssh with 755 permissions.
In that folder is your authorized_keys file which was just copied from your home computer which has 644 permissions. You must now run the following commands to update those permissions to further secure your keys.
[server]$ chmod 700 ~/.ssh [server]$ chmod 600 ~/.ssh/authorized_keys
Step 3 — Adding your custom key to your ssh client
This step is only necessary if you gave your key a custom name in Step #1 above.
When creating your key pair, you choose what to name it. For example, the default name is 'id_rsa', but you can name it anything you like while creating it. However, if you choose a custom name, you'll need to let your SSH client know about the new key.
You do this by starting ssh-agent. Start ssh-agent by running the following command. Make sure you use the backquote ` character and not a single quote – this backquote character is usually on the top left of your keyboard on the tilde ~ key:
[local]$ eval `ssh-agent`
You can then run the following command (make sure to change customkey_rsa to your keyname):
[local]$ ssh-add ~/.ssh/customkey_rsa
You can then check to confirm it's been added by running the following:
[local]$ ssh-add -l 2048 aa:42:d4:46:81:43:65:7f:4e:53:94:5f:2f:0d:fd:bd customkey_rsa (RSA)
It will respond with your private key's fingerprint. You can confirm that fingerprint by generating a fingerprint from your custom key's public file.
[local]$ ssh-keygen -l -f customkey_rsa.pub 2048 aa:42:d4:46:81:43:65:7f:4e:53:94:5f:2f:0d:fd:bd user@server (RSA)
Step 4 — Confirming the SSH connection
If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Run this command on your home computer where you just created the original keypair.
[server]$ ssh username@server.dreamhost.com
You should now be able to log in without using a password.
Specifying a key pair for SSH to use
By default, your client will use the identity (private key) named ~/.ssh/id_rsa. However, if you've created more than one key, you can specify which one to use when connecting using the -i flag. For example:
[server]$ ssh -i ~/.ssh/customkey username@server.dreamhost.com
Confirm the identity being used
You can confirm the identity (private key) you're using if you add the -v flag.
[server]$ ssh -v username@server.dreamhost.com
This will display a lot of output, but you're looking for these lines to confirm which identity you're using.
debug1: identity file /home/username/.ssh/id_rsa type 1 debug1: identity file /home/username/.ssh/id_rsa-cert type -1
debug1: Offering RSA public key: /home/username/.ssh/id_rsa
In this example, the id_rsa key is being used.
What if you have more than one key pair?
If you have more than one key, you'll need to add them all to ssh-agent. For example, if you have an id_rsa key in addition to a custom key, make sure you add both using ssh-add (as shown above). This will ensure that the 'Offering RSA public key' line above displays the correct key when connecting.
Troubleshooting
If you are not being automatically logged in, view the following article for possible solutions: