3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id

November 8, 2017 - Reading time: 6 minutes

You can log in to a remote Linux server without entering a password in 3 simple steps using ssh-keygen and ssh-copy-id, as explained in this article.

ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also sets the proper permissions on the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

This article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.

Step 1: Create public and private keys using ssh-keygen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_keys.

Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]


The above 3 simple steps should get the job done in most cases.

We also discussed earlier, in detail, how to perform SSH and SCP from OpenSSH to OpenSSH without entering a password.

If you are using SSH2, we discussed earlier how to perform SSH and SCP without a password from SSH2 to SSH2, from OpenSSH to SSH2 and from SSH2 to OpenSSH.

Using ssh-copy-id along with the ssh-add/ssh-agent

When no value is passed for the option -i and ~/.ssh/identity.pub is not available, ssh-copy-id will display the following error message.

jsmith@local-host$ ssh-copy-id -i remote-host
/usr/bin/ssh-copy-id: ERROR: No identities found


If you have loaded keys into the ssh-agent using ssh-add, then ssh-copy-id will get the keys from the ssh-agent to copy to the remote-host; i.e., it copies the keys provided by the ssh-add -L command to the remote-host when you don’t pass option -i to ssh-copy-id.

jsmith@local-host$ ssh-agent $SHELL

jsmith@local-host$ ssh-add -L
The agent has no identities.

jsmith@local-host$ ssh-add
Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

jsmith@local-host$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa

jsmith@local-host$ ssh-copy-id -i remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
[Note: This has added the key displayed by ssh-add -L]

Three Minor Annoyances of ssh-copy-id

Following are a few minor annoyances of ssh-copy-id.

  1. Default public key: ssh-copy-id uses ~/.ssh/identity.pub as the default public key file (i.e., when no value is passed to option -i). Instead, I wish it used id_dsa.pub, id_rsa.pub, or identity.pub as default keys; i.e., if any one of them exists, it should copy that to the remote-host. If two or three of them exist, it should copy identity.pub as default.
  2. The agent has no identities: When the ssh-agent is running and ssh-add -L returns “The agent has no identities” (i.e., no keys are added to the ssh-agent), ssh-copy-id will still copy the message “The agent has no identities” to the remote-host’s authorized_keys as an entry.
  3. Duplicate entry in authorized_keys: I wish ssh-copy-id checked for duplicate entries in the remote-host’s authorized_keys. If you execute ssh-copy-id multiple times on the local-host, it will keep appending the same key to the remote-host’s authorized_keys file without checking for duplicates. Even with duplicate entries everything works as expected. But I would like to have my authorized_keys file clutter free.
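
The leftovers described in annoyances 2 and 3 can be found by auditing authorized_keys on the remote-host. The Python code below is an added example, not part of the original article or of ssh-copy-id; the function names (parse_entry, fingerprint, audit, sample_key) and the sample file content are constructed for illustration. It flags lines that are not valid keys, such as the copied "The agent has no identities" message, and repeated keys, and returns a cleaned copy of the file content.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def parse_entry(line):
    """Return the decoded key blob of one authorized_keys entry, or None."""
    fields = line.split()
    for tok, b64 in zip(fields, fields[1:]):   # options may precede the key type
        if tok in KEY_TYPES:
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue
            # A real key blob opens with its own length-prefixed type name.
            if blob.startswith(struct.pack(">I", len(tok)) + tok.encode()):
                return blob
    return None

def fingerprint(blob):   # SHA256 fingerprint string as OpenSSH prints it
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit(text):
    """Return (findings, cleaned_text) for the content of an authorized_keys file."""
    seen, findings, kept = set(), [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        blob = parse_entry(entry)
        if not entry or entry.startswith("#"):
            kept.append(line)                  # blank lines and comments stay
        elif blob is None:
            findings.append((lineno, "invalid", entry))
        elif blob in seen:
            findings.append((lineno, "duplicate", fingerprint(blob)))
        else:
            seen.add(blob)
            kept.append(line)
    return findings, "".join(l + "\n" for l in kept)

def sample_key(seed):    # constructed ssh-ed25519 entry for the demo, not a usable key
    body = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32)
    return "ssh-ed25519 " + base64.b64encode(body + hashlib.sha256(seed).digest()).decode()

K1, K2 = sample_key(b"a"), sample_key(b"b")
SAMPLE = "\n".join([K1 + " jsmith@local-host", "The agent has no identities.",
                    'from="192.168.1.2" ' + K2, K1 + " jsmith@local-host"]) + "\n"
if __name__ == "__main__":
    print(*audit(SAMPLE)[0], sep="\n")
```

On a real host, pass the content of ~/.ssh/authorized_keys to audit() and review the findings before writing the cleaned text back.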

Connecting to wireless networks from the command line

December 16, 2016 - Reading time: 4 minutes

You can create a wireless network configuration that will be managed by Network Manager by creating files in /etc/NetworkManager/system-connections. Look at existing files to see what the format looks like.

Once the connection is created, you can use the nmcli command to manage NetworkManager from the command line, doing things such as enabling, disabling and querying connections.

Incidentally, the System Testing tool (checkbox) has a script that does exactly this: creates a connection and enables it, with parameters that you supply on the command line.

For instance, this creates a connection to the open "duck" network:

sudo /usr/share/checkbox/scripts/create_connection duck

This will create a connection to a network using WPA2 security, with the password "wings":

sudo /usr/share/checkbox/scripts/create_connection -S wpa -K wings duck

The script is written in Python so it should be easy for you to look at and adapt to your needs.

The script's help says this:

Usage: create_connection [options] SSID

Options:
  -h, --help            show this help message and exit
  -S SECURITY, --security=SECURITY
                        The type of security to be used by the connection.
                        One of wpa and wep. No security will be used if
                        nothing is specified.
  -K KEY, --key=KEY     The encryption key required by the router.
  -U UUID, --uuid=UUID  The uuid to assign to the connection for use by
                        NetworkManager. One will be generated if not
                        specified here.
  -R RETRIES, --retries=RETRIES
                        The number of times to attempt bringing up the
                        connection until it is confirmed as active.
  -I INTERVAL, --interval=INTERVAL
                        The time to wait between attempts to detect the
                        registration of the connection.

Option 1

Just edit /etc/network/interfaces and write:

auto wlan0
iface wlan0 inet dhcp 
                wpa-ssid {ssid}
                wpa-psk  {password}

After that, save and close the file and run this command:

sudo dhclient wlan0

Replace {ssid} and {password} with your respective WiFi SSID and password.


Option 2

Provided you replace your wireless network card, Wi-Fi network name, and Wi-Fi password, this should also work.

I am using:

  • Wireless network card is wlan0
  • Wireless network is "Wifi2Home"
  • Wireless network key is ASCII code ABCDE12345

First, get your WiFi card up and running:

sudo ifconfig wlan0 up

Now scan for a list of WiFi networks in range:

sudo iwlist wlan0 scan

This will show you a list of wireless networks, pick yours from the list:

sudo iwconfig wlan0 essid Wifi2Home key s:ABCDE12345

To obtain the IP address, now request it with the Dynamic Host Client:

sudo dhclient wlan0

You should then be connected to the WiFi network. The first option is better, because it will be able to run as a cron job to start up the wifi whenever you need it going. If you need to turn off your WiFi for whatever reason, just type:

sudo ifconfig wlan0 down

FYI

I have also seen people using alternative commands. I use Debian, Solaris and OSX, so I'm not 100% sure if they are the same on Ubuntu. But here they are:

sudo ifup wlan0 is the same as sudo ifconfig wlan0 up
sudo ifdown wlan0 is the same as sudo ifconfig wlan0 down


“SIOCSIFFLAGS: Operation not possible due to RF-kill”

June 2, 2015 - Reading time: 3 minutes

Soft-blocking

The output to sudo rfkill list shows that your network card is "soft-blocked".

This could happen when the wireless card has been signalled to switch off via the kernel.

Try the following steps:

  1. run in a terminal:

    sudo rfkill unblock wifi; sudo rfkill unblock all

  2. rerun sudo rfkill list to confirm that the card has been unblocked.

  3. reboot

  4. rerun sudo rfkill list again to confirm unblocking has been retained.

  5. rerun sudo lshw -class network - you should now see that the kernel has recognised (or not) the wireless card.

If the wireless kernel module has been recognised (it should not say "unclaimed"), Network Manager should now be able to see wireless networks that are available in your vicinity.


Diagnose the kernel issue

If the network card is not recognised - and you have confirmed sudo rfkill list shows no blocking (i.e. both soft blocked and hard blocked are "no") then add the following to your question:

sudo modprobe -r iwl3945
sudo modprobe iwl3945
dmesg | tail -n 50

Hopefully this will point out the error - for example a firmware issue not loading.

Loading new firmware

If it is a firmware issue then you can try one of the following:

  • install the backports wireless drivers:

i.e.

sudo apt-get install linux-backports-modules-cw-2.6.39-generic

Then reboot - test for software blocking etc.

  • get the latest firmware as follows:

i.e.

wget http://intellinuxwireless.org/iwlwifi/downloads/iwlwifi-3945-ucode-15.32.2.9.tgz

tar xzf iwlwifi-3945-ucode-15.32.2.9.tgz

cd iwlwifi-3945-ucode-15.32.2.9

sudo cp iwlwifi-3945-2.ucode /lib/firmware

Then reboot - test for software blocking etc.

N.B. your dmesg trace should indicate the name of the firmware it is having an issue with. Possibly you need to rename "iwlwifi-3945-2.ucode" to whatever firmware name it was expecting.