If you would like to automate many things in Linux based systems, the first requirement is to set up a passwordless SSH authentication between the Linux systems.
Also, it’s necessary to setup passwordless SSH authentication when you have large number of servers in your environment as you can’t able to enter the password every time in the terminal.
It could slow down your work when you are working with multiple servers in some issues.
It can be done easily by two simple steps. In this tutorial we will explain how to set up passwordless SSH login on Linux system.
What’s SSH?
SSH stands for Secure Shell is a cryptographic network protocol that provide secure encrypted communications between two untrusted hosts over an insecure network.
There are several options that can be used for user authentication but password-based authentication and public key-based authentication are widely used.
It is a best secure alternative to the non-protected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).
The SFTP (SSH File Transfer Protocol) is probably the most widely used secure file transfer protocol that runs over SSH.
Step-1 : Generate a Public/Private Key pair (RSA or DSA) on Your Local System
To do so, first we need to generate a SSH key pair (RSA or DSA) by running the ssh-keygen command.
Don’t enter a passphrase when it prompted, if you would like to setup fully password-less login.
$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/daygeek/.ssh/id_rsa): [Just, Press Enter Key] Enter passphrase (empty for no passphrase): [Just, Press Enter Key] Enter same passphrase again: [Just, Press Enter Key] Your identification has been saved in /home/daygeek/.ssh/id_rsa. Your public key has been saved in /home/daygeek/.ssh/id_rsa.pub. The key fingerprint is: SHA256:wYOgvdkBgMFy87Tn4uaZ5KyEdTMCUI3qZaUxvjs+p22 daygeek@CentOS7 The key's randomart image is: +--[ RSA 2048]----+ | o=| | .+.| | . .E+ o| | . . + . | | S o o . | | . o T o | | . o + = . | | . . = = | | . o | +-----------------+
The above command will create the below two files in the ~/.ssh
directory.
~/.ssh/id_rsa:
Private key~/.ssh/id_rsa.pub:
Public key
The generated keys can be viewed by using ls command.
$ ls -lh ~/.ssh/ total 12K -rw------- 1 daygeek daygeek 1.8K Mar 4 20:28 id_rsa -rw-r--r-- 1 daygeek daygeek 402 Mar 4 20:28 id_rsa.pub -rw-r--r-- 1 daygeek daygeek 788 Jun 18 13:28 known_hosts
Default it generates RSA type key pair and if you would like to generate DSA type key pair then use the -t
option with ssh-keygen command.
# ssh-keygen -t dsa
By default the key is 2048 bits long, if you prefer stronger security then you can specify a 4096 bits key with -b
option.
# ssh-keygen -t rsa -b 4096
Step-2: Upload Your Public Key to Remote Linux Server
This can be easily copied to remote Linux server using ssh-copy-id
command.
$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected] /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/daygeek/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '[email protected]'" and check to make sure that only the key(s) you wanted were added.
The public key will be stored in ~/.ssh/authorized_keys
file in the remote user’s home directory.
It’s a time to test this out. Now, you can able ssh into the remote server without entering the password.
$ ssh [email protected] Last login: Wed Jun 23 01:25:57 2019 from 219.91.219.14
Bonus Tips: How to Disable Password Authentication in Linux?
As we enabled public key-based authentication so, i would advise you to disable password-based authentication to prevent from brute force attack.
To do so, make the following changes in the /etc/ssh/sshd_config
file on the remote server.
# vi /etc/ssh/sshd_config PasswordAuthentication no ChallengeResponseAuthentication no
Finally restart the ssh service.
For SysVinit System.
# service ssh restart
For systemd System.
# systemctl restart ssh
I hope this tutorial helped you to set up passwordless ssh login on Linux system. As always, if you found this article is useful, then subscribe to our free newsletter to get more latest tips and tricks about Linux.