SSH Passwordless Login Using SSH Keygen in 5 Easy Steps

SSH (Secure SHELL) is an open source and most trusted network protocol that is used to login into remote servers for execution of commands and programs. It is also used to transfer files from one computer to another computer over the network using secure copy (SCP) Protocol.

In this article we will show you how to setup password-less login on RHEL/CentOS 7.x/6.x/5.x and Fedora using ssh keys to connect to remote Linux servers without entering password. Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.

SSH Passwordless Login

Setup SSH Passwordless Login

My Setup Environment
SSH Client : 192.168.0.12 ( Fedora 21 )
SSH Remote Host : 192.168.0.11 ( CentOS 7 )

If you are dealing with number of Linux remote servers, then SSH Password-less login is one of the best way to automate tasks such as automatic backups with scripts, synchronization files using scp and remote command execution.

In this example we will setup SSH password-less automatic login from server 192.168.0.12 as user tecmint to 192.168.0.11 with user sheena.

Step 1: Create Authentication SSH-Kegen Keys on – (192.168.0.12)

First login into server 192.168.0.12 with user tecmint and generate a pair of public keys using following command.

[tecmint@tecmint.com ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key]
Created directory '/home/tecmint/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/tecmint/.ssh/id_rsa.
Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub.
The key fingerprint is:
5f:ad:40:00:8a:d1:9b:99:b3:b0:f8:08:99:c3:ed:d3 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|        ..oooE.++|
|         o. o.o  |
|          ..   . |
|         o  . . o|
|        S .  . + |
|       . .    . o|
|      . o o    ..|
|       + +       |
|        +.       |
+-----------------+
Create SSH RSA Key

Create SSH RSA Key

Step 2: Create .ssh Directory on – 192.168.0.11

Use SSH from server 192.168.0.12 to connect server 192.168.0.11 using sheena as user and create .ssh directory under it, using following command.

[tecmint@tecmint ~]$ ssh sheena@192.168.0.11 mkdir -p .ssh

The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
RSA key fingerprint is 45:0e:28:11:d6:81:62:16:04:3f:db:38:02:la:22:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.11' (ECDSA) to the list of known hosts.
sheena@192.168.0.11's password: [Enter Your Password Here]
Create SSH Directory Under User Home

Create SSH Directory Under User Home

Step 3: Upload Generated Public Keys to – 192.168.0.11

Use SSH from server 192.168.0.12 and upload new generated public key (id_rsa.pub) on server 192.168.0.11 under sheena‘s .ssh directory as a file name authorized_keys.

[tecmint@tecmint ~]$ cat .ssh/id_rsa.pub | ssh sheena@192.168.0.11 'cat >> .ssh/authorized_keys'

sheena@192.168.1.2's password: [Enter Your Password Here]
Upload RSA Key

Upload RSA Key

Step 4: Set Permissions on – 192.168.0.11

Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file.

[tecmint@tecmint ~]$ ssh sheena@192.168.0.11 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

sheena@192.168.0.11's password: [Enter Your Password Here]
Set Permission on SSH Key

Set Permission on SSH Key

Step 5: Login from 192.168.0.12 to 192.168.0.11 Server without Password

From now onwards you can log into 192.168.0.11 as sheena user from server 192.168.0.12 as tecmint user without password.

[tecmint@tecmint ~]$ ssh sheena@192.168.0.11
SSH Remote Passwordless Login

SSH Remote Passwordless Login

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

246 Responses

  1. Ramesh says:

    awesome document about the remote ssh setup….

  2. rick says:

    Here’s a much easier way to do it.

    On the client:

    $ ssh-keygen
    $ ssh-copy-id [user]@[server-ip]
    

    Done!

  3. sid says:

    Thanks, this worked like a charm!

  4. Tom Harrison says:

    I just learned recently that ssh has a simple command to automate the installation of the new public key on remote servers that does steps 2-4 automatically: ssh-copy-id.

  5. Martin says:

    Hey, how does it work if i want to shut-down 2 or more remote servers with this method, because when i try to do a 2nd remote then i can’t log into the 1st without password any more :(

    • Matt says:

      That doesn’t make sense to me. Do you mean that you are trying to shutdown machine c from machine b? Or are you trying to shut down both b and c from a

    • Matt says:

      Actually, I think you may be repeating the key gen step twice. Create the key once and copy to both targets.

  6. atomic.kidd says:

    Possible to update your publickey authentication method from ssh1 to ssh2 protocol-2 – as ssh1 is pretty much obsolete. As well proper use of ssh-keygen to generate higher value key-types for better ssh security!

  7. Ramesh Oruganti says:

    Good, Nice article and easy to understand. keep posted these kind of technical stuff. will help to new people who is new the environments.

  8. Rasheed says:

    This seems very complicated all you have to do is use the command ssh-copy-id [email protected] and it would copy that id into the users authorized host files and you can ssh without a password.

  9. Shrikant Ahire says:

    Thanks buddy, you explained this well. I liked your explanation and it was helpful to me in creating a passwordless ssh on my single node cluster. I’ll try similar steps on my multinode hadoop cluster.

  10. nawaz says:

    This will work for same users (with the name) on different servers to login into each other user without password? for me its asking password again while I try to login

Leave a Reply to atomic.kidd Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.