Logging in via SSH without a password

The target root file system included in the STLinux distribution is set up in such a way that the user root can log on to a target system without a password.

We achieve this by leaving the password field in the target's etc/passwd file empty:

root::0:0:root:/root:/bin/bash

The configuration file for the OpenSSH server running on the target has also been modified to allow users to log in without a password.

The following line in ./etc/openssh/sshd_config allows users to connect to the target using ssh without a password:

PermitEmptyPasswords yes

Securing the Target

From what has been said above, a target system can be made more secure by either:

  • setting a root password
  • changing the OpenSSH server configuration file to deny access using an empty password (note that rlogin and telnetd still need to be dealt with separately)
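
Both settings can be checked in an unpacked target root file system before it is deployed. The script below is an added example, not part of the STLinux distribution: the function names and the sample tree are constructed for illustration, and it assumes the etc/passwd and etc/openssh/sshd_config paths given on this page.

```shell
#!/bin/sh
# Added example: audit a target rootfs tree for the two settings described above.

# Accounts whose password field (2nd field of etc/passwd) is empty.
empty_password_accounts() {
    awk -F: 'NF >= 7 && $2 == "" { print $1 }' "$1/etc/passwd"
}

# Effective PermitEmptyPasswords value: sshd uses the first occurrence of a
# keyword, keywords are case-insensitive, and the OpenSSH default is "no".
permit_empty_passwords() {
    [ -f "$1/etc/openssh/sshd_config" ] || { echo no; return 0; }
    awk 'tolower($1) == "permitemptypasswords" { print $2; hit = 1; exit }
         END { if (!hit) print "no" }' "$1/etc/openssh/sshd_config"
}

# Report both findings; return 1 if any were found, 0 if the tree is clean.
audit_rootfs() {
    rc=0
    for user in $(empty_password_accounts "$1"); do
        echo "FINDING: '$user' has an empty password field in etc/passwd"
        rc=1
    done
    if [ "$(permit_empty_passwords "$1")" = "yes" ]; then
        echo "FINDING: etc/openssh/sshd_config sets PermitEmptyPasswords yes"
        rc=1
    fi
    return "$rc"
}

# Constructed sample tree mirroring the shipped configuration on this page.
make_sample_rootfs() {
    mkdir -p "$1/etc/openssh"
    printf '%s\n' 'root::0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/bin/sh' > "$1/etc/passwd"
    printf '%s\n' '#PermitEmptyPasswords no' 'PermitEmptyPasswords yes' \
        > "$1/etc/openssh/sshd_config"
}

# Demo on the constructed tree; point audit_rootfs at a real rootfs instead.
demo=$(mktemp -d)
make_sample_rootfs "$demo"
audit_rootfs "$demo" || echo "sample tree still allows empty-password logins"
rm -rf "$demo"
```

The check covers only the global section of sshd_config; as noted above, rlogin and telnetd are separate services and are not examined by it.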

Alternatively, it is possible to connect to an SSH server using a public/private key authentication method as described below.

Setting up RSA/DSA SSH Authentication

  1. Create a public/private key pair by typing the following on the host at the shell prompt (note that there are no spaces in ssh-keygen):

    host% ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/<user>/.ssh/id_rsa):

  2. Press Return (to use the default directory).

    Created directory '/home/<user>/.ssh'.
    Enter passphrase (empty for no passphrase):

  3. Press Return (to leave the passphrase blank).

    Enter same passphrase again:

  4. Press Return again.

    Your identification has been saved in /home/<user>/.ssh/id_rsa.
    Your public key has been saved in /home/<user>/.ssh/id_rsa.pub.
    The key fingerprint is:
    xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx <user>@<machine>

  5. Create a directory .ssh on the target by typing:

    host% ssh root@<target> mkdir /root/.ssh

    and press Return:

    The authenticity of host '<target>' can't be established.
    RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
    Are you sure you want to continue connecting (yes/no)?

  6. Type yes and press Return:

    Warning: Permanently added '<target>' (RSA) to the list of known hosts.
    root@<target>'s password:

  7. Enter the root password of the target machine and press Return.

  8. To transfer the public key to the target, type:

    host% scp /home/<user>/.ssh/id_rsa.pub     root@<target>:/root/.ssh/authorized_keys
    root@<target>'s password:

  9. Enter the root password of the target and press Return:

    id_rsa.pub                                    100%  236     1.1MB/s   00:00

SSH is now configured on both sides and will work without a password. To check this, type the following at the shell prompt on the host:

host% ssh root@<target>
Last login: Sat Jan  1 00:43:43 2000 from 164.129.15.35
Linux <target> 2.6.11 #4 Sun Sep 18 17:17:44 BST 2005 sh4 unknown unknown GNU/Linux
Welcome to STMicroelectronics Base Distribution