ssh access without password

Question

I know that it is possible to ssh to another server without a password if authentication keys are set on both the servers. But I will like to know if it is possible to allow users from any IP (known/unknown) to have password-free ssh access to a directory where they can save their stuff in the easiest possible way?

I am looking for SSH solution and not FTP.

Are you wanting this for a web app or for some kind of shared remote drive type situation? — Anthony, Oct 02 '09 at 07:24
web app where my clients can save files using scp because that is what embed in the shell script. — shantanuo, Oct 02 '09 at 08:51

mikl · Accepted Answer · 2009-10-02T10:28:14.947

I'd say the safest solution to this is to generate a password-less SSH-key for each machine and add it to the authorized_keys list on the other.

On machine 1 (as the user who's logging on to the other server):

$ ssh-keygen -t rsa
$ ssh-add ~/.ssh/id_rsa
$ cat .ssh/id_rsa.pub

If keygen asks you for a password, just press enter to create a password-less key.

On machine 2:

Create or edit ~/.ssh/authorized_keys for the user that you're logging in with.
Add the contents of id_rsa.pub (make sure it's the .pub file, not the private key) to the file. All of id_rsa.pub should fit on a single line.

When this is done you should be able to do this from machine 1:

$ ssh username@machine-2

and just be logged in without entering your password. Same goes for scp/sftp.

If this doesn't work, make sure that you have PubkeyAuthentication yes in your /etc/ssh/sshd_config

score 3 · Answer 2 · answered Oct 02 '09 at 09:59

Keep in mind that this is a serious security risk, so you definitely want to do this in a restricted environment, running under a restricted shell or for chrooted accounts only. @Kimvais suggestion of scponly is on the right track.

In the client create a .ssh/id_rsa key with an empty passphrase -- this will create an unencrypted private key. Then copy the .ssh/id_rsa.pub from the client into .ssh/authorized_keys in the server -- watch out for the right permissions! (0700 for .ssh, 0600 for .ssh/authorized_keys).

Now you can ssh/scp/sftp into the server without typing a passphrase.

score 2 · Answer 3 · answered Oct 02 '09 at 07:24

2

You want to use the keys to keep security up but avoid writing passwords How about something like this?

http://hocuspokus.net/2008/01/ssh-shared-key-setup-ssh-logins-without-passwords

answered Oct 02 '09 at 07:24

Johan

805
2
8
13

score 1 · Answer 4 · answered Oct 02 '09 at 07:21

1

If this is openssh, you can set "PermitEmptyPasswords yes" in your /etc/ssh/sshd_config

I guess you want only to allow scp so you probably set up scponly as the shell for the users.

Furthermore, do not allow access from the internet :)

answered Oct 02 '09 at 07:21

Kimvais

315
3
17

I tried the option. But I am still asked for the password when trying to access it from some other client within the same network. – shantanuo Oct 02 '09 at 08:49
Yes, it will ask for the password, but you can leave it empty and just press enter. – Kimvais Oct 02 '09 at 10:31
2

Yuck. Use password-less keys, not `PermitEmptyPasswords`. Also there's no need to use `scponly` for restricted and chrooted logins because OpenSSH can do this natively. – Dan Carley Oct 02 '09 at 10:40
Cool, Dan you should give the native chrooted restricted logins example here! – Kimvais Oct 05 '09 at 06:57

score 1 · Answer 5 · answered Oct 02 '09 at 08:30

1

I really doubt it is possible to avoid password and/or key for SSH authentication. The reason is SSH itself, it is created for Secure SHell access. Consider switching for FTP/telnet for non-secure option.

answered Oct 02 '09 at 08:30

Andrejs Cainikovs

1,621
1
14
20

ssh access without password

5 Answers5

Linked