SSH access with passwordless keyfile

I want to be able to access my Raspberry Pi Cluster and log onto any node without entering a password. To do this I can set up as passwordless SSH key.

Generating a SSH Key

To generate a SSH key you can use the command ssh-keygen. Once you have ran this you will get the below command output.

chewett@bunker-master:/tmp$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/chewett/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/chewett/.ssh/id_rsa.
Your public key has been saved in /home/chewett/.ssh/id_rsa.pub.
The key fingerprint is:
08:da:bf:3b:40:60:19:62:a8:97:10:77:e1:c9:93:d8 chewett@bunker-master
The key's randomart image is:
+---[RSA 2048]----+
|+oooo.           |
|+o+* o           |
|.o.oE            |
|. oo.o .         |
| .... . S        |
|    ..           |
|     ..          |
|      ..         |
|      oo         |
+-----------------+

During this command you can choose where the store the key files and what passphrase you want to secure the key with. For this I have not set a passphrase so I don’t need to enter it when logging into my cluster.

Once I have ran this command it will generate a public and private key. This private key is used in combination with the public key to authenticate yourself. I will install the public key on any machine that I want to login to and it will give access via the private key. As suggested by the name the public key can be installed on all your machines and the private one should be kept private.

Installing the public key

Once you have generated your public key you need to copy it to all the machines you want to access it on. To install it you need to add it  into the authorized_keys file. This is located in ~/.ssh/authorized_keys. You can copy your public key to the machine and install it using.

scp  /home/chewett/.ssh/id_rsa.pub bunker-master:~/
ssh bunker-master
mkdir ~/.ssh/
cat id_rs.pub >> ~/.ssh/authorized_keys

The first line copies the public key to the machine. Once this has been done you can login to the remote server (second line). If the ~/.ssh/ directory does not exist it can be created with mkdir. Using cat you can then echo your public key and append it to the authorized_keys file. We want to ensure we append to this file using >>. This is because if the file exists we want to add your public key and not lose the other lines in this file.

Logging in with the SSH key

Now  we  have installed the SSH public key we can login to the machine using

ssh -i ~/.ssh/id_rsa bunker-master

Using the -i flag you can specify which key file you want to use to ssh into the host. If you don’t want to enter this each time you can specify this in your SSH config file. This file should be found, or created, in ~/.ssh/config

Host bunker-master
 HostName 192.168.0.5
 User chewett
 IdentityFile ~/.ssh/id_rsa

The format for the file is above. Host is the name you want to refer to the machine as. HostName is the IP or hostname of the machine that will be used to SSH to. User can be specified to set the username used to SSH in and IdentityFile will specify the keyfile you want to use when logging.

If I set my config file up as above, all I would need to do so is type ssh bunker-master and this would effectively run ssh -i ~/.ssh/id_rsa [email protected]. The first being much shorter.

In addition to being able to specify all the options in the config file, using a keyfile means you don’t need to enter your password. Since I didn’t enter a password for my keyfile entering ssh bunker-master will automatically ssh into the host and log me in.

Once I have installed this on all of my nodes I will be able to SSH into any one of them without needing a password. Performing this will be important for automatically running commands on the nodes.