SSH login with own terminal and/or without password
SSH Without Password: A Technical Explanation¶
SSH, or Secure Shell, is a protocol used for securely accessing remote systems. Often, users are prompted to enter a password when connecting via SSH. However, it is entirely possible—and sometimes more convenient and secure—to set up SSH without password authentication.
How is "SSH without password" possible?¶
SSH supports multiple methods of authentication, one of which is key-based authentication. Instead of using a password, a pair of cryptographic keys is used: a public key and a private key.
- Key Generation: The user generates a pair of keys: the private key, which remains on the client machine, and the public key, which is shared with the remote machine (or server).
- Public Key Storage: The public key is appended to the ~/.ssh/authorized_keys file on the remote machine.
- Authentication Process: When connecting to the server, the client proves it has the private key by providing a digital signature. The server, having the corresponding public key, can verify this signature.
What are the Benefits of "SSH without password":¶
Security: Key-based authentication can be more secure than password-based authentication, especially if strong keys are used and protected adequately.
Convenience: Once set up, users can SSH into remote systems without entering a password each time.
Automation: Password-less SSH is especially useful for scripts and automated tasks where manual password entry would be impractical.
Many people prefer to work with ssh in their own terminal since they can use their preferred shell.
Doing ssh without password with qbee¶
For this tutorial we assume that ssh access is enabled on the device and within the qbee platform by providing the necessary ssh key. SSH without password login only works with the qbee-connect desktop tool and not in the web UI as we do not store any private keys on the platform. But then you can also use your preferred terminal software.
This video shows how this is done. You see both how qbee-connect can be used to make the ssh access possible in your own terminal window and how the login works without password. For the later to work you need to follow the steps below.
Remote ssh access without password can be done by exchanging proper ssh keys
By creating a public private key pair on one machine and registering the public key with the remote edge device an ssh access without password is possible. Sometimes you need to allow this in ssh settings as well.
On the desktop machine running qbee-connect you need to generate a pair of authentication keys. Please run ssh-keygen
but do not enter a passphrase. We recommend using an ecdsa key with maximum keylength for best security and compatibility:
user@my-machine~ % ssh-keygen -t ecdsa -b 521
Generating public/private ecdsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_ecdsa.
Your public key has been saved in /Users/user/.ssh/id_ecdsa.pub.
The key fingerprint is:
XXXXXXXX-XXXXXXXX-YYYYYYYYYYYY-YYYYYYYYYYYY
Newer versions of macOS mandate a manual addition of the key to the keychain
For current macOS versions please add the key and follow this instruction to make it active also after a reboot.
Then copy the public key from your /Users/user/.ssh/id_ecdsa.pub
. This key needs to be distributed to all edge devices that should be accessed automatically. Select the SSH Keys option in the "Configure" menu. Then select the device or the group of devices this key should be distributed to. Add the user and the public key (any user can have multiple keys).
The next time the agent runs on the devices in scope it will add this public key to the keychain. When this is done then a log entry confirms this:
Now the devices are prepared for ssh without password access. Just start qbee-connect and connect one or many devices on port 22. In our case we connect to the device with user "pi". Calling the mapped port with the command ssh -p 63518 pi@localhost
will automatically log into the device: