How to SSH into openhabian with no password (linux)

Harpo3 · June 30, 2019, 6:10pm

I did not find a specific tutorial, so here is a step-by-step for enabling ‘no password’ access from your Linux machine into your openhabian install (Sorry, this does not cover Windows). In my case, openhabian is installed on a RPi 3.

On both your client (the one you are using to connect to openhabian) and host (the openhabian one) you need to have openssh installed. openssh should already be installed on openhabian, but verify by logging into openhabian and run this on the command line:

sudo systemctl status ssh

Next, you will need to change permissions in openhabian so your client can place a public key in openhabian (you may need sudo with these commands):

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Now, exit openhabian. Then install openssh on your client machine (if not already installed).
From the command line of your client machine, verify that is done with the same command used earlier for openhabian:

sudo systemctl status ssh

If that fails, you might need to check for the daemon instead:

sudo systemctl status sshd

Next, while still on your client machine, we are going to create a key pair and publish a public key from it to your openhabian host machine.

Generate a key pair with the following command (NOTE----> do NOT enter a password for your keypair):

ssh-keygen

Then, send the public key to openhabian:

ssh-copy-id openhabian@<IP_address_openhabian>

That’s it!

Test your no password connection by connecting to openhabian from the command line of your client machine with:

ssh openhabian@<IP_address_openhabian>

mstormi · June 30, 2019, 6:17pm

FWIW, see this post to also ssh into the Karaf console.

rlkoshak · July 1, 2019, 2:55pm

On Windows, you will want to set up Pagent (or equivalent, for users of Keepass2, there is a Pagent plugin which is kind of nice), import your keys and then Putty (or your ssh client of choice) will get the key from Pagent.

SHUred · August 1, 2021, 2:29pm

Hi there and thanks for the introduction.

I sucessfully sent my key to openhabian, but on connecting via ssh still the password is prompted.

I have no config file in my ~/.ssh/ folder → I wanted to add “PubkeyAuthentication yes” but dont know where

Does anyone know what im doing wrong?

I did not include my generated file on my machine into the default id_rsa file, but generated one in a different file id_raspi → Is this a problem?

SHUred · August 1, 2021, 2:47pm

EDIT:

Ok by using
ssh xx.xx.xx.xx -v
i could see in the log, that my separate id_raspi file is not used

I think i have just to adjust my ssh-config on my machine, to use the separate file.

Thanks and sorry for the rushed question

Mike_HT · March 3, 2023, 9:27am

I think you are not far away with the approach that you suggested. On a proper How To / Tutorial check out the below link. You need to ensure you have a key pair based on a private and public key. The private key sits on your comnputer, whilst the public key needs to go to the OpenHAB autzorized_keys file.

Note, there are various cryptographic options to create keys (e.g. RSA, ed25519). I however suggest to update the keys to ed25519 to have the most modern and considered secure one.

This can be done by generating new keys leveraging on the below command:

ssh-keygen -t ed25519 -C "Your@E-MailAddress.com"

Link to a proper HowTo:
SSH Key Authentication for OpenHAB