Passwordless login via SSH from multiple computers

sshssh-keys

I'm trying to understand the concept of passwordless login via SSH.
As far as I understand you create the SSH key pair on the computer on which you will connect FROM.
Then copy the public key to the server which you will connect TO.
So far so good? Correct me if I'm wrong on the basics…

I guess that would result in that the passwordless logins only can be made from my computer (where the key pair was created because thats where the private key exists).

But what if I want to be able to use passwordless logins from multiple computers to the same server?
Do you need to create a key pair on each computer that will connect to the server and copy each public key to the server?
How should I do?

Best Answer

You either follow that procedure for multiple machines or copy the private key. Depending on your personal security requirements and workflow one might be easier or "better" than the other.

If your private key is compromised you would need to remove it from the authorized_keys file and/or revoke it. In addition, depending on your workflow, you would need to enroll a new key for multiple machines. Having one key per machine would likely be more secure but also potentially more management overhead.

Related Solutions

RSA Authentication: Cannot get passwordless login with SSH

You should check if you have (sshd_config) :

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

UsePAM yes  <-- That one is usually the last line of the sshd_config

Then that your public key is added to authorized_keys in your ~/.ssh/. The last one (UsePAM yes) is very important, since if disabled it will force you to authenticate with your unix account. PAM is here to say that private key authentication is sufficient to log in. Eventually, if that still don't resolves you may have to check the PAM configuration.

Centos – Passwordless SSH (Windows –> CentOS)

The problem is your step 2. You overwrote root@xxx.xxx.xx.xx public key with your Cygwin public key. That's not what you want.

You should, instead, add your public key to root@xxx.xxx.xx.xx authorized keys. This can be done manually appending your id-rsa.pub to /root/.ssh/autorized_keys (on CentOS), or automagically running ssh-copy-id on Cygwin.

ssh-copy-id root@xxx.xxx.xx.xx

It will prompt for your password and then you should be fine.

Also, you should recover root@xxx.xxx.xx.xx public key, or generate a new pair, if it's not inconvenient.

Best Answer

Related Solutions

RSA Authentication: Cannot get passwordless login with SSH

Centos – Passwordless SSH (Windows –> CentOS)

Related Question