
SSH tips and tricks

SSH login with empty passwords

Create a key pair on the workstation, as the user you want to log in from. Leave the passphrase fields empty.

ssh-keygen

Transfer .ssh/id_rsa.pub via SFTP to the remote server, into the account of the user you want to log in as.

sftp user@server
> put .ssh/id_rsa.pub
> exit

Append id_rsa.pub to the .ssh/authorized_keys file on the remote host.

ssh user@server
$ cat id_rsa.pub >> .ssh/authorized_keys
$ exit

Done. Logging in with an empty password should now work.

ssh user@server

File permission problems

It is important that the home folder, the .ssh folder and its contents all have the correct permissions.

The home folder must allow write permission only for the owner, otherwise empty passwords will not work. Files in .ssh must be readable and writable only by the owner.

ls -l /home
drwxr-xr-x   9 backup       backup        512 Jul 31 20:44 backup
ls -la /home/backup
drwx------  2 backup  backup  512 May 24 19:36 .ssh
ls -l /home/backup/.ssh
-rw-------  1 backup  backup  806 Nov  4 16:34 authorized_keys

I spent a number of hours figuring this out. Login will still be possible, just not with an empty passphrase.
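
A small audit of the three paths in the listing above, as an added example that is not part of the original page. The function names are hypothetical, and the masks encode the rule as stated here: no group or other write on the home folder, no group or other access at all on .ssh and authorized_keys.

```shell
#!/bin/sh
# Added example: audit home, .ssh and authorized_keys permissions.
# mode_of, bits_clear and check_ssh_perms are hypothetical helper names.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed if none of the permission bits in mask $2 (octal) are set on $1.
bits_clear() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 0$2 )) -eq 0 ]
}

# check_ssh_perms HOME_DIR
# Prints one line per path and returns the number of problems (0 = all good).
check_ssh_perms() {
    home=$1
    bad=0
    # Each entry is "path:mask"; the mask lists the bits that must be clear.
    #   022 = group/other write, 077 = any group/other access.
    for spec in "$home:022" "$home/.ssh:077" "$home/.ssh/authorized_keys:077"; do
        path=${spec%:*}
        mask=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            bad=$((bad + 1))
        elif ! bits_clear "$path" "$mask"; then
            echo "FAIL    $path mode $(mode_of "$path"), bits in $mask must be clear"
            bad=$((bad + 1))
        else
            echo "OK      $path mode $(mode_of "$path")"
        fi
    done
    return "$bad"
}
```

Run it on the remote host as `check_ssh_perms /home/backup`; a FAIL on the home folder is fixed with `chmod go-w`, and one on .ssh or authorized_keys with `chmod go-rwx`.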

Using ssh-agent

A safer solution than using empty passwords is to use ssh-agent for password management.

So, unless the connection has to be made unattended from a script or cron job, one should use a key with a passphrase in conjunction with ssh-agent. This asks for the password only once, when launching, and then works like a passwordless key.

Disable root login on a server

For publicly available servers it is recommended to prohibit root SSH login. Simply enter the following configuration in /etc/ssh/sshd_config and restart sshd.

PermitRootLogin no

Just remember to add any user that shall be permitted to switch to root to the wheel group.