Miner.farm Crypto Currency Community Forum

Browse and post your favorite coin/crypto news, miner.farm and PiMP OS updates and announcements, mining guides, overclocking tips, and more...

Note: To change your forum username: login, click your avatar icon (top right?), Edit Profile. Change the "full name" field to your preferred username.

Quick Links

Passwordless SSH from Linux/BSD/MacOS

  • Beta Team

    Source: https://linuxize.com/post/how-to-setup-passwordless-ssh-login/

    This tutorial is a basic rundown of commands. Check the source referenced above for more detail. Or use your favorite internet search engine.

    Your SSH server (pimp machines) are only as secure as your passphrase. Also, it's just plain annoying to type the damnable thing at every login or file transfer. Fix it with passwordless login key exchange and disable passwords at login.

    For the purposes of this tutorial, I will use $CLIENT to indicate the machine you SSH from and $HOST to indicate the machine you SSH to. Commands will be couched in code blocks

    $HOST > like this
    $CLIENT # and this

    a prompt ":>" is a non-root prompt, while "#" is root user. Yours may be different (probably is, at least for non-root) in your shell config file and need to adjust your reading accordingly.

    I'll be using <CLIENT_IP> and <HOST_IP> to indicate where IP addresses for the machines should be substituted. If you have changed your host name in ($HOST)/etc/hostname, and have added your pimp rig to your $CLIENT/etc/hosts or have configured your router to respect hostnames on your LAN, you can use the hostname instead. (I configure all three to take no chances, and configure a fixed-IP for my rigs. LAN best practices.)

    01. Check for existing SSH key pair. ($CLIENT)
    $CLIENT :> ls -al ~/.ssh/id_*.pub

    If this command returns one or more file names, you already have SSH keys and can skip to step 03. Or you can create a separate set of keys, but that's beyond the scope of this tutorial.

    02. Generate SSH key pair ($CLIENT)
    $CLIENT :> ssh-keygen -t rsa -b 4096 -C "some_email@some_domain.com"

    The keygen process will ask where to store the keys. The default location is ideal unless you have a compelling reason to change it.

    Follow the prompts. The process should be complete when you are returned to your shell prompt. Still, you should verify that the files were created.

    $CLIENT :> ls ~/.ssh/id_*

    You should have an id_rsa and id_rsa.pub.

    03. Push keys to $HOST

    Your $HOST needs a copy of the public key. You can do this manually (details not in this tut) but the ssh client package provides an easy way to do this.

    By default, pimpos wants us to use the root user. Unless you have created and use a regular user (with sudo or doas privileges) (which you should do because logging as root, especially over the network, is bad bad admin practice.) This tut, however, assumes you have not changed this practice. If you have (good for you!), you will need to modify the login appropriately.

    $CLIENT :> ssh-copy-id root@HOST_IP

    SSH will ask for your pimp passphrase and copy the public key of $CLIENT to the $HOST.

    05. Verify all went well.
    $CLIENT :> ssh root@HOST_IP

    You should be presented with your pimp shell prompt and not be asked to enter the passphrase. If you configured the ssh key with a passphrase, you will be asked for it.

    04. Disable $HOST password login. (optional but recommended)

    After verifying you can log into an account with administrative privilege (root or user with sudo or doas permission), you can secure your $HOST by disabling password authentication.

    Log in to your $HOST (hurray! no password) and edit the file /etc/ssh/sshd_config.

    Search for and modify the following lines so they match.

    PasswordAuthentication no
    ChallengeResponseAuthentication no
    UsePAM no

    Save and close the file. Now you need to restart the ssh server process.

    $HOST # systemctl restart ssh

    Done. Happy administering.


Want 10% more hash from your rigs?

We promise to keep your email safe and never spam you.

© 2014-2021 Miner.farm | By Miners, For Miners | Portable Instant Mining Platform, LLC