Wednesday, November 6, 2013

SSH from Windows to Linux without a password and without Putty

SSH into Linux from Windows is possible through the Cygwin SSH client, but logging in without a password can be a little tricky. It took me a little trial and error to get it working, so here are my steps:

Open a command prompt and log in as root or another user with root privileges.

Create the user, if you haven't already, and set the password (I'm using techn; change it to whatever username you want).

useradd techn
passwd techn
Give this user root privileges for now. You can take them away later, if needed.
usermod -G root techn
Create the .ssh directory for techn
mkdir /home/techn/.ssh
Give ownership of the .ssh directory to techn
chown techn:root /home/techn/.ssh
Assign permissions for this directory to techn
chmod 700 /home/techn/.ssh
Exit the ssh session
exit
From the Windows command prompt, run ssh-keygen
ssh-keygen
Choose the defaults, use a password if you want.

Now, the public key (id_rsa.pub) needs to be transferred to the Linux server. If you were doing this from Linux, you could use the ssh-copy-id script, but this doesn't work from the Windows command prompt. So, we use this instead:

cat .ssh/id_rsa.pub | ssh techn@LINUX-HOST "cat >> ~/.ssh/authorized_keys"
It should ask you for techn's password. Supply it and if you receive no error messages, you've succeeded in sending the public key to your Linux host. This only works if you have root privileges; sudo doesn't seem to work here. Now you should be able to log in without a password:
ssh techn@LINUX-HOST
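If the key is still refused at this point, the usual cause is ownership or write permissions on the account's home directory, .ssh directory or authorized_keys file, which sshd checks when StrictModes is on (its default). The script below is an added example, not part of the original steps: it audits those three paths on the Linux host, and the function names in it are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes inspects before it
# will honour ~/.ssh/authorized_keys for public-key login.
# Usage: check_ssh_perms HOME_DIR OWNER   (OWNER = user name or numeric uid)

# Succeeds if the path is writable by group or others (mode & 022 != 0).
loose_mode() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Succeeds if the path is owned by OWNER or by root (uid 0).
owned_ok() {
    [ -n "$(find "$1" -prune \( -user "$2" -o -user 0 \) -print)" ]
}

check_ssh_perms() {
    home=$1 owner=$2 rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        if ! owned_ok "$p" "$owner"; then
            echo "OWNER    $p is not owned by $owner or root"; rc=1
        fi
        if loose_mode "$p"; then
            echo "MODE     $p is group- or world-writable"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK       $home passes the StrictModes checks"
    return "$rc"
}

# Run against a real account when called with two arguments, e.g.
#   sh check_ssh_perms.sh /home/techn techn
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it as root on the Linux host; a MODE line is fixed with chmod go-w on the named path, an OWNER line with chown.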
The following instructions only apply if you want to set up techn with sudo.

On the Linux server, install sudo

apt-get install sudo
Log out and log back in as root, then remove techn from the root group and put them in the sudo group
usermod -G sudo techn
Create a text file called 'techn' in your home directory and paste this inside it:
techn ALL=(ALL) ALL
Set the right permissions for this file
chmod 440 techn
Move the file to sudoers.d directory
mv techn /etc/sudoers.d
Do NOT try to create this file directly in the sudoers.d directory. You will run into all kinds of trouble.
