SSH Passwordless Login Using SSH Keygen in 5 Easy Steps

SSH (Secure Shell) is an open-source and widely trusted network protocol used to log in to remote servers and execute commands and programs. It is also used to transfer files from one computer to another over the network using the secure copy (SCP) protocol.

In this article we will show you how to set up password-less login using SSH keys, so you can connect to remote Linux servers without entering a password. Password-less login with SSH keys increases the trust between two Linux servers for easy file synchronization or transfer.

Setup SSH Passwordless Login

If you deal with a number of remote Linux servers, SSH password-less login is one of the best ways to automate tasks such as automatic backups with scripts, file synchronization using scp, and remote command execution.

In this example we will set up SSH password-less automatic login from server 192.168.1.1 as user tecmint to 192.168.1.2 as user sheena.

Step 1: Create Authentication SSH-Keygen Keys on – (192.168.1.1)

First log in to server 192.168.1.1 as user tecmint and generate a public/private key pair using the following command.

[tecmint@tecmint.com ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key]
Created directory '/home/tecmint/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/tecmint/.ssh/id_rsa.
Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub.
The key fingerprint is:
af:bc:25:72:d4:04:65:d9:5d:11:f0:eb:1d:89:50:4c tecmint@tecmint.com
The key's randomart image is:
+--[ RSA 2048]----+
|        ..oooE.++|
|         o. o.o  |
|          ..   . |
|         o  . . o|
|        S .  . + |
|       . .    . o|
|      . o o    ..|
|       + +       |
|        +.       |
+-----------------+

Step 2: Create .ssh Directory on – 192.168.1.2

Use SSH from server 192.168.1.1 to connect to server 192.168.1.2 as user sheena and create a .ssh directory under that user's home directory, using the following command.

[tecmint@tecmint ~]$ ssh sheena@192.168.1.2 mkdir -p .ssh

The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is d6:53:94:43:b3:cf:d7:e2:b0:0d:50:7b:17:32:29:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
sheena@192.168.1.2's password: [Enter Your Password Here]

Step 3: Upload Generated Public Keys to – 192.168.1.2

Use SSH from server 192.168.1.1 to upload the newly generated public key (id_rsa.pub) to server 192.168.1.2, into sheena's .ssh directory, as a file named authorized_keys.

[tecmint@tecmint ~]$ cat .ssh/id_rsa.pub | ssh sheena@192.168.1.2 'cat >> .ssh/authorized_keys'

sheena@192.168.1.2's password: [Enter Your Password Here]

Step 4: Set Permissions on – 192.168.1.2

Due to different SSH versions on servers, we need to set permissions on the .ssh directory and the authorized_keys file.

[tecmint@tecmint ~]$ ssh sheena@192.168.1.2 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

sheena@192.168.1.2's password: [Enter Your Password Here]

Step 5: Login from 192.168.1.1 to 192.168.1.2 Server without Password

From now on you can log in to 192.168.1.2 as user sheena from server 192.168.1.1 as user tecmint without a password.

[tecmint@tecmint ~]$ ssh sheena@192.168.1.2
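
The check below is an added example, not part of the original article: it audits the home directory, .ssh and authorized_keys of the target account for the group/other-writable modes and wrong ownership that make sshd (with its default StrictModes yes) ignore the key and fall back to the password prompt. The function names and the constructed demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the three paths that
# sshd's StrictModes check inspects before it trusts authorized_keys.

# Symbolic mode string of a path, e.g. drwxr-xr-x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# True when the group-write (char 6) or other-write (char 9) bit is set.
is_group_or_world_writable() {
    m=$(mode_of "$1")
    [ "$(printf '%s' "$m" | cut -c6)" = "w" ] ||
        [ "$(printf '%s' "$m" | cut -c9)" = "w" ]
}

# audit_ssh_perms HOME_DIR [UID]
# Prints one line per path and returns the number of paths with a problem.
audit_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            problems=$((problems + 1))
            continue
        fi
        # Numeric owner; sshd accepts the account's own uid or root (0).
        owner=$(ls -ldn "$p" | awk '{print $3}')
        if is_group_or_world_writable "$p"; then
            echo "WRITABLE  $(mode_of "$p") $p"
            problems=$((problems + 1))
        elif [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
            echo "OWNER     uid=$owner $p"
            problems=$((problems + 1))
        else
            echo "OK        $(mode_of "$p") $p"
        fi
    done
    return "$problems"
}

# Constructed demo tree: home left group-writable (drwxrwxr-x), with the
# modes from Step 4 on .ssh (700) and authorized_keys (640).
demo=$(mktemp -d)
mkdir -p "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 775 "$demo"
chmod 700 "$demo/.ssh"
chmod 640 "$demo/.ssh/authorized_keys"
audit_ssh_perms "$demo" || echo "paths with problems: $?"
chmod 755 "$demo"    # drop group write on the home directory
audit_ssh_perms "$demo" && echo "all paths pass"
rm -rf "$demo"
```

On the target, run `audit_ssh_perms "$HOME"` as sheena on 192.168.1.2. The script does not inspect SELinux contexts.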

Ravi Saive

Owner at TecMint.com
Simple Word a Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux.

63 Responses

  1. Oleksiy says:

    For Debian only 3 steps :)
    1) Generate ssh keys.
    2) Run ‘ssh-copy-id’ (copy your ssh public key) to remote host
    3) login to remote host using ssh keys.

  2. ahmed says:

    Great! Thanks to you, sir.

    You saved my Hadoop way :D

  3. Alexander says:

    I don’t do this with Fedora and Ubuntu GNU/Linux System. Ubuntu to Fedora is great, but trying with Fedora to Ubuntu, no function. I need help. Please.

    Thanks.

    • Ravi Saive says:

      Can you tell us exactly what errors you are getting, or could you post them here, so we can work it out and give you a way to connect your Fedora system to your Ubuntu system?

  4. intel_chris says:

    Most of the time this works great for me, which is important because as part of an automated test environment I have scripts that need to send root commands to other systems on their LANs with ssh, and if the target system prompts for a password the script fails. However, I have a Fedora 16 system that refuses to honor the authorized_keys file in root’s ~/.ssh and prompts for a password anyway. I don’t know what is causing it to do that, when the other Linux boxes all work fine (and the Fedora box works fine for non-root user logins). Note, the system does let me ssh login as root, because I can enter the password, but not the script.

  5. Sevior Austria says:

    this didn’t work for me :(

    Mine are 2 CentOS 5.8 servers, but I don’t know why this didn’t work. Can someone help out?

  6. Zolzaya says:

    One-to-one passwordless connection was successful. But one-to-two connection failed: the first one is successful, the second one does not log in without a password. Help me??

  7. Zolzaya says:

    In my opinion, the id_rsa.pub key we created at the host node is copied to the other two nodes’ home directories, then authorized_keys is created on the other two sites. Is that true?

  8. Sayantani says:

    It was really a great help indeed. Thank you so much. It served my purpose.

  9. Prince says:

    Hi,

    I have a problem moving data from Hue to HDFS.

    Could you please guide me on how I go about that?

    Thanks

  10. Arvind says:

    Hi,

    I followed the above steps but am still not able to connect to my server without a password.
    I am using
    server 1 : Red Hat Enterprise Linux Server release 5.5
    server 2 : Red Hat Enterprise Linux Server release 6.2
    I want to connect from server one to two without a password.

    Please help.

    Thanks and Regards,

    Arivnd.S

    • Ravi Saive says:

      Log in to server1 and run the following commands.

      ssh-keygen -t rsa
      ssh user@server2 mkdir -p .ssh
      cat .ssh/id_rsa.pub | ssh user@server2 'cat >> .ssh/authorized_keys'
      ssh user@server2 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
      

      Now try to log in to server2; it won’t prompt you to enter a password. Try and let me know.

      ssh user@server2
      

      Thanks..

      • Arvind says:

        Followed the above instructions.
        Still not able to connect to my server without a password.
        There was no error while following the above steps.
        Do I need to check any specific log for messages?

        Thanks

      • Mithilesh says:

        It is asking for a password for me. In place of user I am using the “root” user.

        Thanks,,

        • KC says:

          PAM may be blocking you from logging in as root remotely. Try it with a mere mortal user (not root) and verify it works okay. If it does, then look more at /etc/pam.d/sshd and similar files on the target host.

  11. Hello. Here are some preliminary system specs:

    Local: Fedora 18 (Desktop Interface)
    Server: Ubuntu 12

    Setting up password-less ssh works fine from Ubuntu system to Ubuntu Server. From Fedora, not so much. The “copy-id” command works, and initially requests the password to fulfill the request. From Fedora, I ssh into my Ubuntu server and it still prompts for a password. Is there something different in sshd or elsewhere that we should be reviewing?

    Troubleshooting:

    I rebooted both devices to ensure that all services restart, and also verified that the services were running upon reboot.

    Any information on this would be most helpful. Thank you.

  12. Powerball says:

    A great tip, thanks. Used with mySQL in order to dump and load a database from one server to another. See here:

    ssh -C user@host 'mysqldump -u dbuser --password=dbpass -D dbname | gzip' | gzip -d | mysql -u dbuser --password=dbpass -D dbname

    Thanks, again!

  13. Raja says:

    I followed the above steps which you mentioned. But still when I try to do ssh, it’s asking for a password. Can you please let me know if there is anything I have to do? I am trying to log in from Fedora 18 to Fedora 11. Please guide.

    • Ravi Saive says:

      Have you uploaded the generated public key to the remote server under the authorized_keys file? Please check the content of the authorized_keys file.

  14. ravindra says:

    Instead of RSA we can use DSA also.
    DSA is the new one.

  15. Hary says:

    Many thanx for your brilliant steps.. :))

  16. jyoti says:

    I tried the same approach. I was able to log in from one env to another, but while trying to fire the sudo su - command it’s still asking for a password :(

  17. waqas says:

    My server is down. When I want to log in through PuTTY using ssh it gives the error connection time out … Now I want to work on my server; how can I log in through PuTTY to work on it?

  18. A says:

    How will this script function in case I use RSA SecurID to log in to the servers?

  19. sushant says:

    Awesome. It’s working perfectly. :)

  20. chandresh says:

    Hi, can you help me?

    On my Fedora 19 system, sftp is not working in the GUI, but when I log in to sftp on the terminal it works fine. Can you give me the solution to this error?

  21. E.Mata says:

    How would it work if the account (1) is being used in an scp command as scp file act1@home machine, where acct 1 is not defined where the scp command is running (remote machine)?

    Example:

    Unix 2 uses acct2 as its home env and executes the scp file acct1@localmachine where acct1 is defined.

    Is an authorized_keys file in the .ssh directory of acct1 needed?

  22. Eddie G. says:

    I think a lot of problems with the two-way connection between Fedora might be an SELinux issue?…..just throwing that one out there!….and thanks for the article…very educational!!

  23. Drew says:

    Seems I have a permission error when trying to create the .ssh directory. Could you help?

    Could not chdir to home directory /var/services/homes/Inspections: Permission denied
    mkdir: can't create directory '.ssh': Permission denied

    • Ravi Saive says:

      Why are you creating it under the /var directory? It should be under the user’s home directory (i.e. /home).

      • Drew says:

        Yes, I re-did all the steps and it has worked. I have one more question. I have a second server I’d like to add to authorized_keys.

        Can you tell me the proper syntax to append the file for Step 3 above so that both servers can login?

  24. Vivek says:

    It’s great..!

  25. sangeetha says:

    I was enabling ssh passwordless login on a Sun Solaris server. I followed all the steps above.
    But it is still prompting for a password.

    I tried to debug. Here is the debug output.

    ssh -v oracle@192.6.14.41
    Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to 192.6.14.41 [192.6.14.41] port 22.
    debug1: Connection established.
    debug1: identity file /appbin/oracle/uccdev/.ssh/identity type -1
    debug1: identity file /appbin/oracle/uccdev/.ssh/id_rsa type 1
    debug1: identity file /appbin/oracle/uccdev/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.3
    debug1: match: Sun_SSH_1.1.3 pat Sun_SSH_1.1.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-Sun_SSH_1.1.3
    debug1: use_engine is 'yes'
    debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
    debug1: pkcs11 engine initialization complete
    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
    Unknown code 0
    )
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: Peer sent proposed langtags, ctos: i-default
    debug1: Peer sent proposed langtags, stoc: i-default
    debug1: We proposed langtags, ctos: i-default
    debug1: We proposed langtags, stoc: i-default
    debug1: Negotiated lang: i-default
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: Remote: Negotiated main locale: C
    debug1: Remote: Negotiated messages locale: C
    debug1: dh_gen_key: priv key bits set: 125/256
    debug1: bits set: 1628/3191
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '192.6.14.41' is known and matches the RSA host key.
    debug1: Found key in /appbin/oracle/uccdev/.ssh/known_hosts:1
    debug1: bits set: 1563/3191
    debug1: ssh_rsa_verify: signature correct
    debug1: newkeys: mode 1
    debug1: set_newkeys: setting new keys for 'out' mode
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: set_newkeys: setting new keys for 'in' mode
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Next authentication method: gssapi-keyex
    debug1: Next authentication method: gssapi-with-mic
    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
    Unknown code 0
    )
    debug1: Next authentication method: publickey
    debug1: Trying private key: /appbin/oracle/uccdev/.ssh/identity
    debug1: Trying public key: /appbin/oracle/uccdev/.ssh/id_rsa
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Trying public key: /appbin/oracle/uccdev/.ssh/id_dsa
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password:

    Can you please help me out?

  26. Juan says:

    Ravi,
    Followed your steps, one by one without error, and still it is asking for password.

    Local machine:
    $ uname -a
    Linux xxxxx 2.6.18-164.2.1.el5 #1 SMP Mon Sep 21 04:37:42 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

    Remote machine:
    $ uname -a
    Linux yyyyyy 2.6.18-128.el5 #1 SMP Wed Jan 21 08:45:05 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

  27. Jagan says:

    Hi,

    I followed the above steps but am unable to connect without a password. My OS is CentOS 6.5… there is use root instead of user on both users…. I think this is not a big mistake….. #scp id_rsa.pub root@xxxx..x.xxxxx.. but I am not able to get in… Could you please help me out…

    Thanks
    Jagan

  28. sugatant itlog says:

    Thank you, and it works perfectly. But I think those who had problems using these guidelines had them because of SELinux, because I experienced the same following this guide in a CentOS/RHEL environment.

    Just run either of the commands below and afterwards you should be able to ssh without being asked for a password.

    [root@centossrv1 ~]# ssh root@tester1 "restorecon -R /root/"
    root@tester1's password:

    or

    [root@tester1 ~]# restorecon -R /root/

    Again, thank you tecmint and more power!

    • sugatant itlog says:

      [root@centossrv1 ~]# cat .ssh/id_rsa.pub | ssh root@tester1 'cat >> .ssh/authorized_keys'
      root@tester1's password:
      [root@centossrv1 ~]# ssh root@tester1 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys; chmod go-rwx .ssh/authorized_keys"
      root@tester1's password:

      Well, this was what I did in my case.

      Thanks again!

    • bigdog says:

      I was stuck and this step definitely helped. Thank you.

  29. Meszias says:

    I haven’t realized about the chmod on path and on the file

  30. srikanth says:

    I followed up all the steps and got no error whatsoever. But it still doesn’t work. Any ideas?
    Tnx

  31. kumaravel says:

    I have followed the steps given

    But I think there is a problem with the user I am trying to login with because of which passwordless ssh is NOT working

  32. Vin says:

    check the stickybit on the folder which contains .ssh folder, remove the stickybit if it exists… chmod g-s dirname

  33. Praveen says:

    Sir,
    I am using your steps and trying to log in, but passwordless ssh is NOT working.

  34. Shivaji says:

    Thanks Ravi. Worked for me…

  35. Vlad says:

    I fought with this for a while and found that the permissions on the user’s home directory needed to be updated from:

    drwxrwxr-x

    to:

    drwxr-xr-x

    by running the following as the user in the user’s home dir:

    [user@host ~]# chmod 755 .

    This fixed it for me.

  36. Deepak Gupta says:

    Absolutely love this post !! Thanks for sharing these steps.

  37. dung says:

    work perfect for me!
    ENV:
    - client: GLSDK 6.04 for OMAP5 EVM reference board
    - server: CentOS 5.5
    Thanks!

  38. srikant says:

    Hi,

    I was successfully able to log in to server 2 passwordlessly from server 1. But this is getting reset after a while (maybe after 24 hours) and again I have to enter the password. How do I make this change permanent?

    • Ravi Saive says:

      No, it will not automatically reset itself. Someone from your team might be doing it, or some scripts might be resetting your ssh logins.

    • sugatang itlog says:

      Or probably there’s system configuration management (like chef, puppet, ansible and the like) that governs (your infrastructure) the ssh authorized_keys.

  39. Nick says:

    Hello, can you help me? While setting up the ssh key I forgot to give 600 permission to the authorized_keys file and now the connection is closed. Please help me with this. How can I now log in to the other server? It’s always showing connection closed by some IP. Please help.

  40. Anand says:

    Hello Ravi,
    I followed your steps to do password-less ssh between two Ubuntu systems. The commands executed properly, with not even a single error, but after everything it is still asking for a password to connect.
    ** Any different procedure for Ubuntu OS???
    Please help me out..

    • Ravi Saive says:

      The procedure is the same for all Linux OSes, but I have never yet tried it on Ubuntu systems. I will try and let you know why it’s still asking for a password.

This work is licensed under a (cc) BY-NC.
© 2012-2014 All Rights Reserved.