Sunday, August 19, 2018

Tips: How to ssh to your Digitalocean server without password

If you are tired of being asked for a password when accessing your remote droplet servers in Digitalocean, you might consider adding an rsa public key to your server so you don't need to input password anymore to ssh to your server.

Here are some useful tips that I have:

The hard way

1. Create a pair of rsa private and public key in your computer.


  • To create a pair of rsa private and public key, in a Mac computer,  in your home directory, you can go to .ssh directory by typing:
$ cd ~/.ssh
  • Once you are in the .ssh directory, you can create the pair of rsa private and public key using the following command:
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  • You will be given a choice to overwrite your current id_rsa file or you can choose to create a new file. I personally want to create a new file for example id_rsa_do.
  • If you execute ls command in your .ssh directory, you would notice there will be two new files id_rsa_do and id_rsa_do.pub. It means your ssh-keygen command is working fine.

2. Copy your public key and login to your droplet

  • After creating the private and public key, you might want to copy your public key to and login to your droplet.
  • Go to your .ssh directory and execute 
$ cat id_your_rsa.pub
  • You can copy the content of that file and then login to droplet server. You will still need to provide the password at this step
$ ssh root@your_ip_address
  • Once you are in the remote server, you can go to the .ssh directory by using the same command:
$ cd ~/.ssh

3. Add your public key to .ssh/authorized_keys

  • Once you are in the remote server's .ssh directory, you can execute the following command (it will open nano editor):
$ nano authorized_keys
  • You can paste your public key in this file and then exit and save.
  • You can exit your remote server and back to your local computer's terminal.

4. Try ssh without password

  • You can try ssh-ing again to your remote server using the same command:
$ ssh root@your_ip_address
  • If still not working, and if you're having multiple ssh keys, you can specify the private key you want to use by using the following command:
$ ssh -i /path/to/private/key username@your_ip_address

OR

$ ssh-add /path/to/private/key
$ ssh username@your_ip_address

The easy way

You can follow this official tutorial from Digitalocean to add ssh key from their GUI.



Source:


1 comment:

  1. Though this is valid, it is a bad habit. Master password files, such as key pairs, should be kept within manually obfuscated files and referred to minimally throughout application flow.

    Ideally one would want a stand alone instance to do external certificate handling, and I'm sure you can find one already neatly packaged at npm.org

    ReplyDelete

Finally, C# 9 record, the equivalent of Scala's case class

While C# is a wonderful programming language, there is something that I would like to see to make our life programmer easier. If you are fam...