Passwordless ssh login
May 3, 2016

Passwordless ssh login

Posted on May 3, 2016  •  3 minutes  • 430 words  •  Suggest Changes

Being able to login without typing a password is not only more efficiently but one could argue its also safer. Its one of those thing you do once, and it just keeps on working, however I find myself asking how the heck did I fix this again. Well for my future self, this is how its done : logging in on Linux without using a username/password request.

I think most common distributions have this installed by default, but if not, you need the openssh package. For Centos that’s : openssh

# yum install openssh
Package openssh-6.6.1p1-25.el7_2.x86_64 already installed and latest version
Nothing to do

On Debian’s side : openssh-client

# apt-get install openssh-client
openssh-client is already the newest version.

Creating the keypair**
Is as easier then it sounds, **ssh-keygen -t rsa

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
74:23:------------:91:c2:b2:f0:4f root@server
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |

If you leave the request for password empty, it won’t ask you for a password and be the easiest, (which I use), however if you lose the machine (virtual or physically) the access is compromised. You have been warned.

Copy’ing the key to the remote server
Now we created a public (/root/.ssh/ and private key (/root/.ssh/id_rsa), its time to send over the public key to the server, I use two methods, as the first method depends on the binary ssh-copy-id which is not available on all systems. (mostly older systems don’t have it)

ssh-copy-id -i /root/.ssh/ user@server

The -i is for identity_file, not case insensitive … user@server,  know that this was done for a root user, if you do it as a different use adapt paths.

The second method, is just copy’ing the key directly to the authorized_keys using command line from the first server, this only works when in fact you can login with a password, in fact it happens a some users don’t have a password. Then you really need to manually do this step, if they have, you can just let Linux copy & paste it for you.

cat /root/.ssh/ | ssh root@server 'cat >> /root/.ssh/authorized_keys'

That’s it ! You can now login w/o using username/password login! Also rsync & scp will now stop bothering you for passwords !




If you enjoyed this website, consider buying me a Dr. Pepper

Buy me a Dr PepperBuy me a Dr Pepper