Search
Close this search box.

How to setup PasswordLess SSH in Linux

Table of Contents

Tutorial on PasswordLess SSH in Linux

 

SSH  is a protocol used for encrypting communication between a server and a client. The telnet protocol has been replaced with this. And most Linux distributions come with SSH by default. The cryptographic protocol allows you to manage machines, copy, or move files to and from remote servers via encrypted channels. Logging into a remote system via SSH can be done two ways, with passwords or with public-key authentication (passwordless SSH login). 

 

 

 

Here, we discuss the second method of authentication, which is public-key authentication (passwordless SSH login). 

 

 

 

Utilizing public/private keys as authentication provides the following advantages:

 

 

  • The server won’t ask you for a password every time you access it.
  • It is impossible for any unauthorized person to gain access to your server unless they have the right key.
 

So lets begin,

 
 

Step 1: Create keys on the Local machine

It is recommended that you create keys on each host that you wish to gain access to. When there are 5 hosts from where you wish to access a server, we must create keys on each of them.
 
Run the ssh-keygen command to create an SSH authentication-key file if one does not exist. If password-less login is required, enter a blank passphrase when prompted:  
 
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:fHriTAQVNPywHDfT3DV3LQChUSXavB2VyfTdfg96/Ys
 
 

Step 2: Public key to remote host

 
By using ssh-copy-id, the public portion of the newly-created authentication key is installed to a particular user’s home directory. When using ssh-copy-id, the identity information will be appended to the ~/.ssh/authorized_keys of the specified user
 
# ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-host
user@remote-hosts's password:
 
For servers without OpenSSH-clients, the authentication key can be copied as follows:
 
# cat ~/.ssh/id_rsa.pub | ssh user@remote-host "cat >> ~/.ssh/authorized_keys"
 
The remote host should be accessible without a password if everything is configured correctly.
 

Step 3: Verify correct permissions

 
 
In almost all cases, file permissions on the remote ssh server are to blame for key-based ssh authentication failures. Even after following the steps above, SSH  to the appropriate user may still ask you for your password. If so, examine both the local and remote users’ permissions. The directory’s permissions should exactly match those shown below. This example shows permissions for “vpsie”.
 
drwx------. 25 vpsie oinstall 4096 Aug 21 11:01 /home/vpsie/
drwx------.  2 vpsie oinstall 4096 Aug 17 13:13 /home/vpsie/.ssh
-rw-------.  1 vpsie oinstall  420 Aug 17 13:13 /home/vpsie/.ssh/authorized_keys
 
Ensure you have correct permissions if the above is not the case, change them.
 
# chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh/

 

 

To make sure the changes take effect, restart the sshd service:

 

 

 

# service sshd restart

 

In another case, SELinux may also interfere with sshd ability to access the ~/.ssh file on the server. By performing restorecon on the remote user’s */.ssh directory, you can determine the problem:  

 

 

# restorecon -Rv ~/.ssh

 

That’s it

 

We hope this tutorials was informative for you!

 

 

Home

 
Make a Comment
{{ reviewsTotal }}{{ options.labels.singularReviewCountLabel }}
{{ reviewsTotal }}{{ options.labels.pluralReviewCountLabel }}
{{ options.labels.newReviewButton }}
{{ userData.canReview.message }}
Share on
Facebook
Twitter
LinkedIn
Print
VPSie Cloud service

Fast and Secure Cloud VPS Service

Try FREE
For a month

The First 1 orders gets free discount today! Try Sign up on VPSie to get a chance to get the discount.