Instructions on how to configure SSH and passwordless rsa authentication.
1. Login to your server and configure SSH.
$ ssh user@server $ su root $ ** ryour server root password ** # nano /etc/sshd/config
Change/Add/Uncomment this following lines:
Port 3344 Protocol 2 PermitRootLogin without-password AllowUsers user root
Any port above 1024 is good, as long as its not default port 22.
RSAAuthentication and PubkeyAuthentication should be enabled by default.
Note: Don’t worry about the misleading “without-password” command. This will only disable root password for rsa authentication and will not actually allow any one else to login to your server without a password, if they don’t have your private rsa key.
2. Configure RSA keys to login to your server without passwords. On your computer (not server), generate rsa keys by using everything default and living password fields empty by pressing enter when asked.
$ ssh-keygen -t rsa
3. Now copy public rsa key over to your server.
$ cat ~/.ssh/id_rsa.pub | ssh user@server -p3344 'cat >> .ssh/authorized_keys' $ ** your server user password **
4. Copy same public rsa key to root.
$ su root $ ** your server root password ** # cp /home/user/.ssh/authorized_keys /root/.ssh/authorized_keys
5. To login as user or root to your server simply run.
ssh user@server -p3344 or ssh root@server -p3344
or setup easy ssh config on your computer for easier alias login. See example config bellow.
# # ~/.ssh/config # ## Usage # Host alias # Hostname ip_here # User user_name # Port port_here ## Example: Regular, User SSH Login Host srv1usr Hostname 192.168.0.1 User johndoe Port 3344 ## Example: Regular, Root SSH Login Host srv2root Hostname 192.168.0.1 User root Port 3344 ## Example: VPN, User Login Host srvprx Hostname 192.168.0.2 User johndoe Port 3344 ProxyCommand corkscrew vpn.server.com 3128 %h %p ~/.ssh/auth
Then simply run any alias to connect by typing: “ssh srv2root” for example. To use VPN or any other SOCKS5/HTTP proxy to connect through corkscrew, you need to install “corkscrew” and create ~/.ssh/auth file with user:pass in it.