# ssh login without key



## bsus (Jul 8, 2011)

Hi,

I have an extra admin account on the FreeBSD server, with which I can *su* to root. Because it's very tiring to enter two long passwords I wanted to use key-based authentication.

I created  a private and public key with *ssh-keygen*. Then I copied the private key to the other host and added the following to the .ssh/config:

```
Host server
HostName 192.168.178.4
User <admin>
Identityfile id_rsa
```

When I now want to log on with *ssh server* I still need to enter a password. How can this be? A possible problem could be that I don't have the admin user of the server on the clients, so I usually have to use *ssh 192.168.178.4 -ladmin* to log on.

Regards.


----------



## jem (Jul 8, 2011)

You should have copied the *public* key (.ssh/id_rsa.pub) to the server, not the private one.  It needs to be saved into the .ssh/authorized_keys file of the admin account.

You could do that with:
[CMD="client$"]cat .ssh/id_rsa.pub | ssh -l admin server 'cat >> .ssh/authorized_keys'[/CMD]

If you protected the keys with a passphrase, you will still be prompted for it each time you ssh to your server, unless you load the key into memory with ssh-agent(1) on your local client.


----------



## bsus (Jul 8, 2011)

So, the content of id_rsa.pub is copied to authorized_keys on the target system (which I want to log on) the id_rsa is copied to the client and has become 600 rights.

When I now want to log on from the client to the server with [CMD=]ssh -l admin -i id_rsa 192.168.178.4[/CMD] then I still am getting a required passwort (and that's the normal user password, not the one for the private key.)

Is there maybe an extra setting only to use password authentication instead of keys?


----------



## fonz (Jul 8, 2011)

bsus said:
			
		

> Is there maybe an extra setting only to use password authentication instead of keys?


Although probably not commonly used, sshd(1) can indeed be configured (not) to allow passwords and/or public keys. See sshd_config(5), particularly the options _PubkeyAuthentication_ and _AuthorizedKeysFile_ in /etc/ssh/sshd_config.

Fonz


----------



## jem (Jul 8, 2011)

Lets see the output of
`$ ssh -v -l admin 192.168.178.4`

If your id_rsa file is in your .ssh directory on your client machine (it gets saved there by ssh-keygen(1) default), you don't need to specify the -i option.


----------



## bsus (Jul 8, 2011)

I found the issue hwo emberessing.

The shell had to reload the setting from .ssh/config - I mentioned this after a reboot...

[solved]


----------

