SSH without password from Windows/Cygwin
First of all, the OpenSSH package must be installed on Cygwin.
Ref:
http://www.mines.edu/~gmurray/HowTo/sshNotes.html#ShellNotHome
Note that these
explanations make reference to your "home" directory (written
"HOME" or "~"). On UNIX machines (including Linux) this is
the directory you land in when you login, and where you keep your files; this
location is stored in the environment variable "HOME". Note that
"HOME" is the name of the variable, and that $HOME is the value, e.g.
HOME's value may be "C:\nifty". The natural
HOME for the Windows user Nifty is the existing folder "Documents and
Settings\Nifty" but Cygwin and other UNIX
related applications are not necessarily happy with pathnames that include
blanks, so you should create your own HOME directory for Cygwin
as described below.
Windows only
SSH can give you
authenticated and encrypted connections to remote computers. If you set up keys
you can make these connections without passwords. Installing Cygwin is pretty easy but the home directory and
public/private key business, on Cygwin, is something
of a pain; it's going to push the "beginner" envelope but is doable.
If you don't mind typing passwords with every connection, you can skip all the
Windows HOME business below after installing and running Cygwin.
If for some reason you do not wish to install Cygwin
on Windows you may want to consider putty. I do not cover how to use putty
here.
Installing
Cygwin on Windows: This is pretty straightforward. Download the Cygwin
installation wizard setup.exe from the Cygwin site
and double-click on it. Most of the default selections in the wizard are fine.
Select a place to install Cygwin (recommended:
C:\cygwin) and select a place to put the installation files (the same place
works). Choose an ftp site from the list and then review the additional
packages you want installed. You must select at least the ssh package from the Net section (and the cvs package from Devel if you
know you will need cvs); these are not selected by
default. You do not need the sources.
Running Cygwin on Windows: You start a Cygwin
console from the Start menu, and type the commands in that window. (If the
shell does not open in the HOME directory, see below). The ls
command lists files and folders ("directories" in UNIX lingo). The cd command enables you to change directories, "cd .."
moves you up a directory. The Cygwin console is much
like a regular UNIX terminal and may be customized on startup with .bash_profile and .bashrc files in
your HOME directory. Search the web for more about UNIX for beginners. You can
see the (terse) documentation for any command by using the "man"
command, for example, "man ls" or "man
ssh-keygen".
By the way, Cygwin comes with a small program to set up ssh for you. The command is ssh-user-config, which will create keys and a .ssh directory in your HOME
directory. However, it will not create the HOME directory, nor fix your /etc/passwd, nor put the public key on the remote computer, all
of which are necessary and described below. I've never used it.
Creating
the home directory with Cygwin: The Cygwin installation folder contains folders "usr" and "bin". If there is not one already, add a folder
called "home" and in that folder add a folder with some name,
typically your user name, e.g., "nifty". This will be the folder
where ssh.exe will look for the .ssh folder
containing your keys; see below. (Cygwin thinks your
home is where the line in /etc/passwd says it is, see
below). Note your home directory does not have to be in Cygwin's
"/home" (mine is not), you can put it anywhere, e.g., C:\nifty. To do
this, you will have to start a Cygwin console and run
$ cd /
$ mkdir home
$ cd home
$ ln -s /cygdrive/c/nifty nifty
The "ln" command is making a symbolic link, like a Windows
shortcut, from Cygwin's /home/nifty to your C:\nifty.
Note that "/cygdrive/c/nifty" is Cygwin's way of saying "C:\nifty". If your HOME
is on another drive, say D:, use the cygwin prefix /cygdrive/d.
Setting the HOME
environment variable on Windows: For Win2K/XP right click on "My
Computer", click on "Advanced" and "Environment
variables". Add a personal environment variable HOME with value, e.g.,
C:\cygwin\home\nifty (or if you did the ln business
above, C:\nifty). You shouldn't need to reboot.
For Win9x/Me, you
must put a line in your autoexec.bat file (usually C:\autoexec.bat) which sets
it, e.g.,
set HOME=C:\cygwin\home\nifty
or
set HOME=C:\nifty
and
reboot. Be sure to edit the autoexec.bat with a text editor (like Notepad) and
not a word processor (like Word).
By the way, environment
variables are useful for a variety of programs; this is where you would set
your CVS_RSH, ANT_HOME, JAVA_HOME, and JIKESPATH if you were a Java programmer
using cvs with ssh.
If you wanted Cygwin commands available from DOS
prompts you would append ";C:\cygwin\bin" to
your PATH variable.
Checking the home
in the /etc/passwd file on Windows: In your cygwin root install folder (C:\cygwin) there is a folder
etc/ containing a file "passwd" (if this
file is missing it can be created with the Cygwin
command "mkpasswd"). The lines in this
file contain fields separated by colons (:). In a new cygwin
installation the last line will be for your Windows user name. The last field
will be "/bin/bash". Make sure the next-to-last field in the line for
your Windows user name is "/home/nifty", (it's
OK if "nifty" is a link). Do not use Windows "C:\"
notation. Be sure to edit the /etc/passwd file with a
text editor (like Notepad or Wordpad) and not a word
processor (like Word).
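A check for the /etc/passwd entry described above, as an added example that is not part of the original page: check_passwd_home is a hypothetical helper and the two passwd lines are constructed samples. It shows why "C:\" notation fails: the drive-letter colon is itself a field separator, so the entry ends up with eight fields instead of seven.

```sh
# Added example, not from the original page.
# check_passwd_home USER [PASSWD_FILE]
# Prints the home field and returns 0 when the entry is well formed;
# otherwise prints the reason and returns 1.
check_passwd_home() {
    user=$1
    file=${2:-/etc/passwd}
    # Take the last entry for the user; awk exits 0 even when nothing matches.
    line=$(awk -F: -v u="$user" '$1 == u { l = $0 } END { print l }' "$file")
    if [ -z "$line" ]; then
        echo "no entry for $user"
        return 1
    fi
    # A passwd entry has exactly 7 colon-separated fields. A Windows path
    # such as C:\nifty contains a colon and shifts every field after it.
    nfields=$(printf '%s\n' "$line" | awk -F: '{ print NF }')
    if [ "$nfields" -ne 7 ]; then
        echo "expected 7 fields, found $nfields"
        return 1
    fi
    homedir=$(printf '%s\n' "$line" | cut -d: -f6)
    case $homedir in
        /*) echo "$homedir"; return 0 ;;
        *)  echo "home is not a POSIX path: $homedir"; return 1 ;;
    esac
}

# Constructed sample entries (simplified, not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
nifty:unused:1003:513:Nifty:/home/nifty:/bin/bash
broken:unused:1004:513:Broken:C:\broken:/bin/bash
EOF
check_passwd_home nifty "$sample"  || true
check_passwd_home broken "$sample" || true
```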
If the Cygwin shell doesn't open in $HOME: On some of my installations the Cygwin
Bash shell did not open in $HOME but in /usr/bin (the
prompt was "/usr/bin $", not, e.g.,
"nifty/ $"). One way to fix this is to put a file ".bash_profile" containing
the line "cd $HOME" into your $HOME
directory. This is another file which must be created with a text editor.
Linux and Windows
OpenSSH to OpenSSH (ssh2)
Check that ssh functions at all: SSH can
replace telnet even without keys. Suppose you are connecting to the remote
computer foobar.edu as user "dude". Run
$ ssh dude@foobar.edu
ssh will ask if you want to keep connecting; type "yes", and then it
should ask for your password and open a shell in dude's home directory on foobar, just like telnet. If this fails, there is a problem
somewhere. Make sure everything is set up right on your end, and also make sure
that foobar is accepting ssh connections. If it's not, you're wasting your
time.
Once ssh is functioning we will set up
the keys so it will no longer be necessary to send passwords. If you are
curious about the theory of this then read up on "public key
cryptography".
Create your keys:
You need to create private and public ssh
keys and put them in the proper place with the proper permissions. In your home
directory create a folder .ssh ($ mkdir
.ssh), if there is none. Create the keys with the
command
$ ssh-keygen -t dsa
The ssh-keygen
program will ask for a passphrase; just hit the
"Enter" key unless for some reason you know you want a passphrase. This creates the keys id_dsa
and id_dsa.pub and puts them in .ssh/.
The private key id_dsa must be readable only by you;
change its permissions with
$ chmod 600 .ssh/id_dsa
Put the public key
on the remote computer: In this section we are assuming the remote computer is
also running OpenSSH. Somehow, you must get the .ssh/id_dsa.pub key onto the remote computer, whether by
email, ftp, carrying it over on a floppy (sneakernet),
etc.; the cool way to do it is to use scp,
which was installed along with ssh. Suppose the
remote computer is named foobar.edu, and your account there is
"dude". To copy the file to foobar, run
$ scp .ssh/id_dsa.pub dude@foobar.edu:
Don't forget the trailing
colon. You will be asked for dude's password on foobar
before the copying commences. The file will be copied to dude's home directory
on foobar.
Install the public
key on the remote computer: (We assume the remote computer is running OpenSSH on Linux or UNIX!) Once id_dsa.pub
is on the remote computer, log in to the remote computer (you can use ssh to log in as described above). From your home directory
(where you should see your newly arrived id_dsa.pub)
create a .ssh folder if none exists. Then append your
id_dsa.pub to a file in .ssh
with
$ cat id_dsa.pub >> .ssh/authorized_keys
This will create the file authorized_keys if none exists. The id_dsa.pub
key may be removed from the remote computer's home directory, if you like. The
.ssh folder on the remote computer must have the
correct permissions; you may set them with
$ chmod 700 .ssh
You can also try: chmod -R go-rw ~/.ssh on the remote computer.
Checking the password-less
connection: Now the command
$ ssh dude@foobar.edu
should give you a password-less connection to foobar.edu.
Likewise, scp should be password-free.
By the way, all the commands you do by first logging into the remote computer can be done remotely using ssh. See the documentation for details.
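The remote-side install and permission steps above, as an added example that is not part of the original page: install_pubkey and check_ssh_perms are hypothetical helper names, and the key line is a constructed sample. Unlike a bare "cat >>", the install can be run twice without duplicating the key and copes with an authorized_keys file whose last line has no newline; the check lists what sshd's StrictModes test would refuse.

```sh
# Added example, not from the original page.
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Idempotent form of "cat id_dsa.pub >> .ssh/authorized_keys".
install_pubkey() {
    key=$(head -n 1 "$1")
    [ -n "$key" ] || { echo "no key in $1" >&2; return 1; }
    sshdir=${2:-$HOME}/.ssh
    auth=$sshdir/authorized_keys
    mkdir -p "$sshdir"
    touch "$auth"
    # A last line without a newline would be glued to the appended key.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x whole line, -F fixed string: append only if not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    chmod 700 "$sshdir"
    chmod 600 "$auth"
}

# check_ssh_perms [HOME_DIR]
# Lists anything in .ssh that group or others may write (sshd's StrictModes
# rejects such a .ssh or authorized_keys); returns 1 if something is listed.
check_ssh_perms() {
    loose=$(find "${1:-$HOME}/.ssh" ! -type l \( -perm -020 -o -perm -002 \))
    if [ -z "$loose" ]; then
        return 0
    fi
    printf '%s\n' "$loose"
    return 1
}

# Demo in a scratch directory standing in for the remote home directory.
scratch=$(mktemp -d)
# Constructed key line, not a real key.
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey nifty@cygwin' > "$scratch/id.pub"
install_pubkey "$scratch/id.pub" "$scratch"
install_pubkey "$scratch/id.pub" "$scratch"    # second run adds nothing
grep -c . "$scratch/.ssh/authorized_keys"      # number of keys installed
check_ssh_perms "$scratch" && echo "permissions ok"
```

OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so on a current system the same steps apply with "ssh-keygen -t ed25519" and the resulting id_ed25519 files.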