SSH Without Password Authentication
I think every security professional would agree that telnet is the most insecure software to use, because all messages or text transmitted by it are sent in plain text. It lets an attacker using sniffing techniques capture usernames, passwords, and other valuable information undetected. Once your login information is revealed and captured by such an attacker, your valuable and confidential information is compromised.
Luckily, most recent Linux distributions have disabled the telnet program and use a more secure one: the Secure Shell (ssh) program. It provides strong authentication and encryption techniques for use over insecure channels, and all information transmitted via ssh is encrypted. One may even want to secure remote login further by disabling root login and allowing only certain users to log on to the server, i.e. by adding the following lines to the file /etc/sshd/sshd_config:
PermitRootLogin No
AllowUsers gene999 ted487 don946
Please note that with the above setting only 3 users are allowed to log in, and their user names are not trivial to guess. With this login policy enforced, the chance of an intruder breaking into your server is minimized. You can push security even further by employing ssh's private/public key infrastructure. In this way you can ssh to a remote machine without typing a password. A lot of articles have been written on this subject; here is a brief summary of how to implement it:
Steps:
- On the client run the following commands:
$ mkdir -p $HOME/.ssh                             # Create the .ssh directory under your home if it does not exist
$ chmod 0700 $HOME/.ssh                           # Make sure it can only be accessed by the owner
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''    # Generate a DSA key pair with an empty passphrase
This should result in two files, $HOME/.ssh/id_dsa (private key) and $HOME/.ssh/id_dsa.pub (public key).
- Copy $HOME/.ssh/id_dsa.pub to the server. You can use scp to accomplish this.
- Assuming OpenSSH is used, on the server run the following commands:
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys    # Make sure >> is used to append the key to the existing file, not > which would overwrite it
$ chmod 0600 $HOME/.ssh/authorized_keys           # No one can access the file except the owner
- On the client test the results by ssh’ing to the server:
$ ssh -i $HOME/.ssh/id_dsa server
or
$ ssh -l your_userid server
- (Optional) Add the following lines to the file $HOME/.ssh/config on the client:
Host server
    IdentityFile ~/.ssh/id_dsa
This allows ssh access to the server without having to specify the path to the id_dsa file as an argument to ssh each time.
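One way to script the server-side step above (an added example, not code from the original post): it appends the key only when it is not already present, enforces the 0700/0600 modes that sshd's StrictModes requires before it will honour authorized_keys, and rejects input that is not a single public-key line. It assumes a Linux host with GNU stat; SSH_DIR, install_authorized_key, check_ssh_perms and count_keys are names chosen for this example.

```shell
#!/bin/sh
# Added example: idempotent authorized_keys install with the permissions sshd expects.
# Assumes GNU coreutils (stat -c); the variable and function names are this example's own.
set -u

SSH_DIR="${SSH_DIR:-$HOME/.ssh}"
AUTH_KEYS="$SSH_DIR/authorized_keys"

# Accept only a single-line key of a type OpenSSH understands (the post uses DSA, i.e. ssh-dss).
valid_pubkey() {
    printf '%s\n' "$1" | grep -Eq '^(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+( .*)?$'
}

# Append the key only if it is not already present. Using >> as the post says avoids
# clobbering existing keys; the grep check additionally avoids duplicate entries.
install_authorized_key() {
    key="$1"
    valid_pubkey "$key" || { echo "rejected: not a public key line" >&2; return 1; }
    mkdir -p "$SSH_DIR" && chmod 0700 "$SSH_DIR"
    touch "$AUTH_KEYS" && chmod 0600 "$AUTH_KEYS"
    if grep -qxF "$key" "$AUTH_KEYS"; then
        echo "already present"
    else
        printf '%s\n' "$key" >> "$AUTH_KEYS"
        echo "installed"
    fi
}

# Return 0 when the directory and file modes match what sshd requires. With StrictModes
# (the default) sshd silently ignores authorized_keys if these are too permissive,
# so a failed key login is often just a permissions problem.
check_ssh_perms() {
    [ "$(stat -c %a "$SSH_DIR")" = 700 ] || return 1
    [ "$(stat -c %a "$AUTH_KEYS")" = 600 ] || return 1
}

# Number of keys currently installed (non-empty lines).
count_keys() { grep -c . "$AUTH_KEYS"; }
```

After copying id_dsa.pub to the server, run install_authorized_key "$(cat id_dsa.pub)" and then check_ssh_perms before testing the login from the client.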