SSH Passwordless Login Using SSH Keygen in 5 Easy Steps

SSH (Secure SHELL) is an open source and most trusted network protocol that is used to login into remote servers for execution of commands and programs. It is also used to transfer files from one computer to another computer over the network using secure copy (SCP) Protocol.

In this article we will show you how to setup password-less login on RHEL/CentOS 7.x/6.x/5.x and Fedora using ssh keys to connect to remote Linux servers without entering password. Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.

SSH Passwordless Login

Setup SSH Passwordless Login

My Setup Environment
SSH Client : 192.168.0.12 ( Fedora 21 )
SSH Remote Host : 192.168.0.11 ( CentOS 7 )

If you are dealing with number of Linux remote servers, then SSH Password-less login is one of the best way to automate tasks such as automatic backups with scripts, synchronization files using scp and remote command execution.

In this example we will setup SSH password-less automatic login from server 192.168.0.12 as user tecmint to 192.168.0.11 with user sheena.

Step 1: Create Authentication SSH-Kegen Keys on – (192.168.0.12)

First login into server 192.168.0.12 with user tecmint and generate a pair of public keys using following command.

[tecmint@tecmint.com ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key]
Created directory '/home/tecmint/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/tecmint/.ssh/id_rsa.
Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub.
The key fingerprint is:
5f:ad:40:00:8a:d1:9b:99:b3:b0:f8:08:99:c3:ed:d3 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|        ..oooE.++|
|         o. o.o  |
|          ..   . |
|         o  . . o|
|        S .  . + |
|       . .    . o|
|      . o o    ..|
|       + +       |
|        +.       |
+-----------------+
Create SSH RSA Key

Create SSH RSA Key

Step 2: Create .ssh Directory on – 192.168.0.11

Use SSH from server 192.168.0.12 to connect server 192.168.0.11 using sheena as user and create .ssh directory under it, using following command.

[tecmint@tecmint ~]$ ssh sheena@192.168.0.11 mkdir -p .ssh

The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
RSA key fingerprint is 45:0e:28:11:d6:81:62:16:04:3f:db:38:02:la:22:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.11' (ECDSA) to the list of known hosts.
sheena@192.168.0.11's password: [Enter Your Password Here]
Create SSH Directory Under User Home

Create SSH Directory Under User Home

Step 3: Upload Generated Public Keys to – 192.168.0.11

Use SSH from server 192.168.0.12 and upload new generated public key (id_rsa.pub) on server 192.168.0.11 under sheena‘s .ssh directory as a file name authorized_keys.

[tecmint@tecmint ~]$ cat .ssh/id_rsa.pub | ssh sheena@192.168.0.11 'cat >> .ssh/authorized_keys'

sheena@192.168.1.2's password: [Enter Your Password Here]
Upload RSA Key

Upload RSA Key

Step 4: Set Permissions on – 192.168.0.11

Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file.

[tecmint@tecmint ~]$ ssh sheena@192.168.0.11 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

sheena@192.168.0.11's password: [Enter Your Password Here]
Set Permission on SSH Key

Set Permission on SSH Key

Step 5: Login from 192.168.0.12 to 192.168.0.11 Server without Password

From now onwards you can log into 192.168.0.11 as sheena user from server 192.168.0.12 as tecmint user without password.

[tecmint@tecmint ~]$ ssh sheena@192.168.0.11
SSH Remote Passwordless Login

SSH Remote Passwordless Login

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

247 Responses

  1. Rajarshi Bandopadhyay says:

    I am sorry, but this did not work. The key clearly did not do the needful, and SSH had to proceed to password.

    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/rajarshi/.ssh/id_rsa RSA SHA256:fRkni96PqvRcjzDxjSKhLnNaCazOdOgTFzsKliz7fas
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Trying private key: /home/rajarshi/.ssh/id_dsa
    debug1: Trying private key: /home/rajarshi/.ssh/id_ecdsa
    debug1: Trying private key: /home/rajarshi/.ssh/id_ed25519
    debug1: Trying private key: /home/rajarshi/.ssh/id_xmss
    debug1: Next authentication method: password

  2. santosh parab says:

    Very helpful article..

  3. navin prasad says:

    I’m getting the error “Permission denied (publickey).” I have pasted the public key in /home/ubuntu/.ssh/authorized_keys the server. But while establishing the connection, I’m getting the error.

  4. Tiny says:

    If you are getting prompted for SSH password then you missed a step :)

    Make sure that you save the id_rsa.pub (the public key) into the keys folder of the user that you wish to SSH into.

    So for example, if you want to SSH as root, then you need the key stored in /root/.ssh/authorized_keys.

    If you want to ssh as ‘yourname‘ then it will be /home/yourname/.ssh/authorized_keys.

    To set this up, you first need to SSH into the destination with username/password combination. Now you’re in, you can copy the ssh public key into the right location. This is why you see “enter your password here” above.

  5. resh says:

    Really awesome article, thank you very much.

  6. BKT says:

    what is the password used in ENTER YOUR PASSWORD section

  7. jivnesh says:

    Thanks. It works in one go, without any error.

  8. RF says:

    I’ve followed your very useful and detailed tutorial line for line but still get prompted for a password each time I ssh into the remote host. Are there any settings in ssh_config or sshd_config that need updating following this?

    • Ali Ahmed says:

      same issue here using Redhat 6.9

    • Chris Pesoa says:

      @RF and @AliAhmed

      Try this:

      On the machine where the ‘authorized_keys‘ file resides, set proper permissions for the directory .ssh and the file.

      # chmod 700 ~/.ssh/
      # chmod 600 ~/.ssh/authorized_keys
      

      Then, to test:

      In the SSHD config file: */etc/ssh/sshd_config*

      Disable PasswordAuthentication directive
      PasswordAuthentication no
      

      Save, reload/restart sshd deamon.

      This should solve the prompting password field.

      Good luck.

  9. DBA Canada says:

    The best and clear explanation ever. Thanks for doing this and keep it up with this excellent articles

    • G S says:

      Hi,
      A very simple explanation with all descriptive steps. I win in the first attempt
      Thanks for your efforts in this article.

Leave a Reply to jivnesh Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.