SSH passwordless login
Let us assume that we want to connect to an SSH server from a Linux client without entering your password each time. We use “cli_ip” and “srv_ip” to represent the
Step 1: Create authentication SSH-Kegen keys on the client.
On your client machine run the command:
ssh-keygen -t rsa -b 4096
Step 2: Create .ssh directory on the server.
First, SSH to the server and check if the directory “.ssh” exits on your home directory. Since “.ssh” is a hidden directory, you can check its existence by the following command in the terminal
If the directory does not exist, create it by
Step 3: Upload generated public keys from the client to the server
Run the following command to upload the generated public key in Step 1 from the client to the server
cat .ssh/id_rsa.pub | ssh your_username@srv_ip 'cat >> .ssh/authorized_keys'
Step 4: Set directory permissions on the server
Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file. First, SSH to the server and then run the following commands
chmod 700 .ssh
chmod 640 .ssh/authorized_keys
Step 5: Login from client to server without password
Now you should be able to remotely login to the server srv_ip from client cli_ip with SSH without entering your password
Persistent SSH Connection using autossh
“Autossh” is a program that starts a copy of ssh, monitors it, and restarts the connection if necessary. To install autossh on Debian/Ubuntu you can run
sudo apt-get install autossh
and to install it on CentOS/Fedora/RHEL you can run
sudo yum install autossh
It can also be installed on OSX by the following command
brew install autossh
autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "ExitOnForwardFailure yes" -R 8080:127.0.0.1:80 -R 2222:10.0.0.100:22 -D *:3128 rmt_s rv_ip
The option “-M port[:echo_port]” specifies the base monitoring port to use. Without the echo port, this port and the port immediately above it (port + 1) should be something nothing else is using.
Using SSHuttle to tunnel the traffic
One can install sshuttle by running
apt-get install sshuttle
Then, to use it as a VPN on your local machine to forward all traffic to the remote server, one can run:
sshuttle -r username@sshserver 0.0.0.0/0
If we would also like our DNS queries to be proxied through the DNS server of the server we are connected to, the following command can be run:
sshuttle --dns -r username@sshserver 0/0