ssh to server without password and without changing the server's setup
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
ssh to server without password and without changing the server's setup
Hi,
this question is related to ssh into a server without password. I know, the usual way to accomplish this is to exchange public keys, which gets stored on the server. But I want to be able to log-in to the server without making changes to the server, i.e. to store the key in .ssh/authorized_keys or something.
I do not want anybody in the whole world to login to the machine - I was just wondering if there is some other way I could authenticate myself.
Instead of typing the password for each ssh connection, I hoped for a way of providing this authorization information, maybe in some kind of file which contains an encrypted version of the password. A kind of private key, which can be used to automate the authorization process.
Is there no such way to handle ssh without installing/copying a public key to the server?
Somehow you need to authenticate yourself. So something has to be done on the server to grant access to someone. If you don’t want it on a per user basis: hostbased authentication may be an option. But this would also me to setup something on the server.
Maybe you can layout the intended use in more detail: why do you don’t want to install a public key on the server?
what I want to do is to TEST the server, and to execute scripts as part of the installed software. The best way to do this is to execute those scripts via ssh, because in that way you do not need to modify the system (For Testing, it is really important to test a setup as-is, without modifying it). I have several solutions:
- For each ssh execution, I can type the password. Very inconvenient for hundreds of instructions.
- I could add my public key on the server, but this violates the paradigm to leave the system in its to-test state, strictly spoken.
- I could add my public key on the server, but this violates the paradigm to leave the system in its to-test state, strictly spoken.
True, and I also argue that after the validation of the software on a machine you can neither upgrade the kernel nor exchange any libraries without redoing the validation. But for a public key on a user level I don’t see the impact.
Can you install anything on the server? Someone must have created the user account at least which you use for example.
One additional note: you can also run 802.1x authentication on wire and the server you want to test would then need to contact an external RADIUS server for granting access - which is under your control again. I’m not sure whether it allows also an empty password – just an idea.
If this is just for testing, you could do it with an expect script. However this means your password is going to be shown in plain text in the script. Depending on the application, this might be acceptable though.
I could add my public key on the server, but this violates the paradigm to leave the system in its to-test state, strictly spoken.
Yes. And strictly spoken adding a (test) account, running any process, any network connection, any access, any logging on or into the testbed alters the state of the system. Unless modifying authorized_keys affects your tests significantly and in a way that can't be compensated for (you don't say what tests you actually want to run) you may be over-thinking and over-complicating things by not following standard procedure.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.