Setting Up Password-less Logins with SSH

The purpose of this document is to describe how to setup password-less logins between your desktop/laptop/office computer (running GNU/Linux), Enigma (the main department server and the head node for the cluster). If you run Cygwin on a Windows machine, then you can treat your computer as a GNU/Linux machine. Cygwin uses OpenSSH. Similarly, recent Apple computers running OS X use OpenSSH and the instructions for GNU/Linux can be applied.

You can check the version of your SSH program by typing ssh -V. On a relatively recent GNU/Linux distribution, it should say something like

zooey:> ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
On Enigma, it says
enigma:> ssh -V
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f

Create Public/Private Keys

Note: If you have already generated public/private keys via ssh-keygen then you can skip this section and go on to "Setting up Logins". If you run ssh-keygen you will overwrite any keys that were generated previously.

On each computer that you routinely use run the command ssh-keygen -t dsa. This command creates public and private cryptography keys that can be used for authentication/login. During this process you will be prompted with some questions. Just hit ENTER until you get your command prompt back. In particular, you don't need to specify a passphrase. Just leave it blank.

You can look at your public key (it is an ASCII file) but it will appear as as bunch of random characters.

Setting up Logins

Choose your situation:


If you set up passwordless login and you are still being asked for a password, then you may have to fix the permissions of your .ssh directory. This shouldn't happen on enigma, but it does happen occasionally on other machines. The sshd daemon requires that the .ssh be readable by user and group only, not by others. To fix the permissions, execute the following command on the machine that you are trying to log into:

		chmod o-rwx ~/.ssh

Please report any corrections or suggestions regarding this document to bitsupport 'at'
Updated 2010-08-27