How to Setup SSH Passwordless Login in Linux [3 Easy Steps]

SSH (Secure SHELL) is an open-source and trusted network protocol that is used to log in to remote servers for the execution of commands and programs.

It is also used to transfer files from one computer to another computer over the network using a secure copy (SCP) command and rsync command.

In this article, we will show you how to set up password-less login on RHEL-based Linux distributions such as CentOS, Fedora, Rocky Linux & AlmaLinux, and Debian-based distributions such as Ubuntu & Mint using ssh keys to connect to remote Linux servers without entering a password.

Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.

My Setup Environment
SSH Client : 192.168.0.12 ( Fedora 36 )
SSH Remote Host : 192.168.0.11 ( CentOS 8 )

If you are dealing with several Linux remote servers, then SSH Password-less login is one of the best ways to automate tasks such as automatic backups with scripts, synchronization files using the SCP command, and remote command execution.

In this example, we will set up SSH password-less automatic login from server 192.168.0.12 as user tecmint to 192.168.0.11 with user sheena.

Step 1: Create Authentication SSH-Keygen Keys on – (192.168.0.12)

First login into server 192.168.0.12 with user tecmint and generate a pair of public keys using the following command.

$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key]
Created directory '/home/tecmint/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/tecmint/.ssh/id_rsa.
Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub.
The key fingerprint is:
5f:ad:40:00:8a:d1:9b:99:b3:b0:f8:08:99:c3:ed:d3 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|        ..oooE.++|
|         o. o.o  |
|          ..   . |
|         o  . . o|
|        S .  . + |
|       . .    . o|
|      . o o    ..|
|       + +       |
|        +.       |
+-----------------+

Create SSH RSA Key

Step 2: Upload SSH Key to – 192.168.0.11

Use SSH from server 192.168.0.12 and upload a newly generated public key (id_rsa.pub) on server 192.168.0.11 under sheena‘s .ssh directory as a file name authorized_keys.

$ ssh-copy-id [email protected]

Make sure that the correct permissions are set on the ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote server.

$ ssh [email protected] "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

Step 3: Disable Password Authentication (Optional)

For increased security, you can disable password authentication on the remote server and only allow SSH key authentication. To do this, open the SSH server configuration file on the remote server:

$ sudo nano /etc/ssh/sshd_config
OR
$ sudo vi /etc/ssh/sshd_config

Find the line containing PasswordAuthentication and set it to no.

PasswordAuthentication no

Save the file and restart the SSH service.

$ sudo systemctl restart sshd

Step 4: Test SSH Passwordless Login from 192.168.0.12

From now onwards you can log into 192.168.0.11 as a sheena user from server 192.168.0.12 as a tecmint user without a password.

$ ssh [email protected]

SSH Remote Passwordless Login

In this article, you’ve learned how to set up an SSH Passwordless login using an ssh key. I expect that the process was straightforward. If you have any questions, please post them in the comment section below.

Ravi Saive
I am an experienced GNU/Linux expert and a full-stack software developer with over a decade in the field of Linux and Open Source technologies

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

280 thoughts on “How to Setup SSH Passwordless Login in Linux [3 Easy Steps]”

    • @Dragonmouth,

      Passwordless authentication is safe, secure, and easy to use, as it reduces attack vectors by eliminating password management practices…

      Reply
  1. ssh root@IPaddress
    root@IPaddress’s password:
    Permission denied, please try again.
    root@IPaddress’s password:
    Permission denied, please try again.
    root@IPaddress’s password:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,hostbased).

    The problem is I tried the methods related to public key generation. But no matter I do what it always keeps asking for a password and my permission gets denied.
    All conventional methods have failed.
    Need urgent help.

    Reply
    • Step 1: ssh-keygen -t rsa

      Step 2: ssh root@IPaddress mkdir -p .ssh

      root@IPaddress’s password:
      Permission denied, please try again.
      root@IPaddress’s password:
      Permission denied, please try again.
      root@IPaddress’s password:
      Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,hostbased).

      Please help. It’s urgent

      Reply
  2. Hey,

    I’m just copy-paste for the same command. But it’s asking password!

    Please guide me for the same :

    SSH Client : 10.10.10.4
    SSH Remote Host: 10.10.10.5

    Step 1: Create Authentication SSH-Keygen Keys on – (10.10.10.4)

    [[email protected] ~]$ ssh-keygen -t rsa
    

    Step 2: Create .ssh Directory on – 10.10.10.5

    [tecmint@tecmint ~]$ ssh [email protected] mkdir -p .ssh
    

    Step 3: Upload Generated Public Keys to – 10.10.10.5

    [tecmint@tecmint ~]$ cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
    

    Step 4: Set Permissions on – 10.10.10.5

    [tecmint@tecmint ~]$ ssh [email protected]  "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
    

    Step 5: Login from 10.10.10.4 to 10.10.10.5 Server without Password

    [tecmint@tecmint ~]$ ssh [email protected] 
    

    CRDB@Consul-Server1:/root$ ssh [email protected].5
    [email protected].5’s password:

    Thanks
    Raj

    Reply
    • Hi, I was in the same situation, but I make the next simple and more natural steps (from an SSH perspective)

      After you create keygen, make:

       
      $ ssh-add id_rsa
      

      So the server print: “Identity added: (id_rsa)”.

      next

      $ ssh-copy-id [email protected]  
      

      System request the CRDB password and later the server print: “Number of keys (s) added: 1”

      finally, you can do:

      $ ssh [email protected]
      

      Also, you must check the /eth/ssh/sshd_config in your remote server (in your case 10.10.10.5) and set the next values :

      PermitRootLogin yes #only if you will be use root user
      PubkeyAuthentication yes # required yes
      PasswordAuthentication yes # you can set to NO when requires only SSH passwordless, and check that works fine, but also check after closing any terminal because can close any access!!
      UsePAM yes # required
      

      When making any change over ssh, will need to restart ssh service in your remote server:

      $ sudo service sshd restart
      OR
      $ sudo systemctl restart sshd 
      

      Regards!
      Juan

      Reply
  3. Thank you so much for this very good explanation.

    I searched multiple sites till I got here.

    My issue resolved.

    Reply
  4. I have set the passwordless login, but after login, I have run the script in mid-time connection is closed. Where can set the timings for these connections?

    Reply
  5. That is a wonderful article explaining passwordless authentication Ravi. I had been looking for something just like this.

    Passwords are out there on their way. Many individuals are already comfortable with being authenticated without a password, such as using FaceID on iOS or scanning a fingerprint on Android, and organizations are gradually moving to passwordless authentication; a way to prove the identity of an online user for enhanced security purposes using an alternate factor other than a password.

    I read a similar article about the same, the link of which I am sharing here: https://www.loginradius.com/blog/start-with-identity/2019/10/passwordless-authentication-the-future-of-identity-and-security/

    I’ll be sharing your article with my friends and colleagues. Till then keep up the good work Ravi :)

    Reply
  6. $ cat ~/bins/makessh1

    ssh $@ mkdir -p .ssh
    cat ~/.ssh/id_rsa.pub | ssh $@ ‘cat >> .ssh/authorized_keys’
    ssh $@ “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”

    Reply
  7. It works perfectly for me.

    Allow user agent on local/client host to ssh remote server ([email protected]) without a password.

    1. Create Authentication SSH-Keygen Keys on client.
    2. $ ssh-keygen -t rsa
      
    3. Create .ssh Directory on the remote server.
    4. $ ssh [email protected] mkdir -p .ssh
      
    5. Upload Generated Public Keys to remote server.
    6. $ cat /u/ainet/.ssh/id_rsa.pub | ssh [email protected]  'cat >> .ssh/authorized_keys'
      
    7. Set Permissions on remote server.
    8. $ ssh [email protected]  "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
      
    9. Test passwordless ssh connection.
    10. $ ssh [email protected]
      
    Reply
  8. Hi Ravi,

    Wonderful post! Thank you! I have a question. I would like to be able to do this for multiple devices (say ssh from a Linux computer into multiple Raspberry Pi computers) When I try to do this for another Pi device, the previous one is forgotten. How can I use what you are showing here for multiple devices?

    Reply
    • @Vincent,

      Create one Authentication SSH-Keygen Keys on your Linux server, and upload the Generated Public Key to multiple remote machines under .ssh directory.

      Reply
  9. Will these authorized_keys files be not expired even after patch deployment server restarts? Can you please reply to this?

    Reply
    • @Revathi,

      No these SSH authorized_keys files never expire and remain the same even after update or upgrade of server to newer releases…

      Reply
    • Step 2 assumes there isn’t already an ssh directory on the server.

      ssh-copy-id‘ is a shell script that will perform steps 2 and 3, but it is not present on every Linux device.

      Following the instruction in step 2 will work in any case.

      Reply
  10. I am sorry, but this did not work. The key clearly did not do the needful, and SSH had to proceed to password.

    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/rajarshi/.ssh/id_rsa RSA SHA256:fRkni96PqvRcjzDxjSKhLnNaCazOdOgTFzsKliz7fas
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Trying private key: /home/rajarshi/.ssh/id_dsa
    debug1: Trying private key: /home/rajarshi/.ssh/id_ecdsa
    debug1: Trying private key: /home/rajarshi/.ssh/id_ed25519
    debug1: Trying private key: /home/rajarshi/.ssh/id_xmss
    debug1: Next authentication method: password

    Reply
  11. I’m getting the error “Permission denied (publickey).” I have pasted the public key in /home/ubuntu/.ssh/authorized_keys the server. But while establishing the connection, I’m getting the error.

    Reply
  12. If you are getting prompted for SSH password then you missed a step :)

    Make sure that you save the id_rsa.pub (the public key) into the keys folder of the user that you wish to SSH into.

    So for example, if you want to SSH as root, then you need the key stored in /root/.ssh/authorized_keys.

    If you want to ssh as ‘yourname‘ then it will be /home/yourname/.ssh/authorized_keys.

    To set this up, you first need to SSH into the destination with username/password combination. Now you’re in, you can copy the ssh public key into the right location. This is why you see “enter your password here” above.

    Reply
  13. I’ve followed your very useful and detailed tutorial line for line but still get prompted for a password each time I ssh into the remote host. Are there any settings in ssh_config or sshd_config that need updating following this?

    Reply
    • @RF and @AliAhmed

      Try this:

      On the machine where the ‘authorized_keys‘ file resides, set proper permissions for the directory .ssh and the file.

      # chmod 700 ~/.ssh/
      # chmod 600 ~/.ssh/authorized_keys
      

      Then, to test:

      In the SSHD config file: */etc/ssh/sshd_config*

      Disable PasswordAuthentication directive
      PasswordAuthentication no
      

      Save, reload/restart sshd deamon.

      This should solve the prompting password field.

      Good luck.

      Reply
  14. I just learned recently that ssh has a simple command to automate the installation of the new public key on remote servers that does steps 2-4 automatically: ssh-copy-id.

    Reply
  15. Hey, how does it work if i want to shut-down 2 or more remote servers with this method, because when i try to do a 2nd remote then i can’t log into the 1st without password any more :(

    Reply
    • That doesn’t make sense to me. Do you mean that you are trying to shutdown machine c from machine b? Or are you trying to shut down both b and c from a

      Reply
  16. Possible to update your publickey authentication method from ssh1 to ssh2 protocol-2 – as ssh1 is pretty much obsolete. As well proper use of ssh-keygen to generate higher value key-types for better ssh security!

    Reply
  17. Good, Nice article and easy to understand. keep posted these kind of technical stuff. will help to new people who is new the environments.

    Reply
  18. This seems very complicated all you have to do is use the command ssh-copy-id user@hostname and it would copy that id into the users authorized host files and you can ssh without a password.

    Reply
  19. Thanks buddy, you explained this well. I liked your explanation and it was helpful to me in creating a passwordless ssh on my single node cluster. I’ll try similar steps on my multinode hadoop cluster.

    Reply
  20. This will work for same users (with the name) on different servers to login into each other user without password? for me its asking password again while I try to login

    Reply
  21. Hi,

    I have tried passwordless login and working fine from server A to server B. But reverse side it is not working and asking for password.

    Reply
  22. After this is done, can we login the client from the server w/o using password? What about doing this for multiple servers and clients?

    Thank you!

    Reply
    • @Lambert,

      If you have followed instructions correctly, yes you will able to login to remote server without password. For multiple SSH passwordless logins, follow the same instructions on each server.

      Reply
  23. Hello Ravi,

    This is because, if you check ssh config file.

    Default path for ssh authorized keys are in .ssh directory at you home directory.

    ————————————————————————–
    AuthorizedKeysFile .ssh/authorized_keys
    ————————————————————————–

    You can change path if you wish :)

    Reply
  24. After step 2, when I enter my password, I’ve been getting an error.

    stty: standard input: invalid argument

    Any comments on how to solve this?

    Reply
  25. Any way to disable the typing animations? Even ebooks don’t have this. It in no way assists, just distracts & irritates.

    Oh – the info is great btw, worked a treat.

    Reply
  26. It would really be much easier to read your article if you used “source server” and “destination server” instead of IP addresses.

    Reply
  27. Great tutorial – best I’ve seen and I’ve been looking for a while. There are a couple of places where its not quite clear, for example “your password” presumably means you/me as root, but the reader might think its Sheen’s password (perhaps Sheena is the user/owner at the other end etc.. And if the destination machine has a different password presumably its for that machine for you/me and not the one for your/my source machine etc.

    Reply
  28. Question: What happens if the users tecmint or sheena’s password are changed? Can sheena still log into 192.168.0.11 and then to server 192.168.0.12 as tecmint user without password to execute anything?

    Thank you.

    Reply
    • ssh-copy-id is a binary from standard package named ‘openssh-client’. If you are using system newer that 2010 I guess you should have it :)

      Reply
  29. Ever heard of ssh-copy-id ? :) You can replace this whole tutorial to just two steps :)

    On machine from you login to other machine
    1. ssh-keygen -t rsa
    2. ssh-copy-id user@onthmachineyouwanttoconnect
    3. provide password and voilla – that’s it

    Reply
    • Interesting fact: the ssh-copy-id “binary” is actually a shell script located in the bin folder, marked executable. So, if you need to work with ssh servers that need to use (for instance) a port other than 22, you can edit the binary with a text editor.

      Reply
  30. I followed all the above steps but I am still getting prompted for password. I am using root user on both linux servers.

    Reply
    • @Deepa,

      Please check the permission on the .ssh directory and key on remote Linux server. Also I suggest you to user normal user for passwordless logins.

      Reply
  31. even after following these I am getting host key verification failed. connection reset by the peer.couldn’t read the packet.
    please help.

    Reply
  32. Hello Sir,

    I have followed the same instructions as on the article for ssh connectivity to VM1 to VM2 and VM1 to VM3.
    Also the permissions are 700 for .ssh directory on both the VMs as well as on the VM1.

    Thanks
    Raman Sharma

    Reply
    • @Raman,

      If you’ve followed instructions correctly, then it should work without any issues, please cross check again…If you still unable to connect, try to re-upload pub key to VM3 and see..

      Reply
  33. Hello,

    I wanted to run the script through ssh on two VMs, via another VM.
    When i configure ssh passwordless on VM1 to run the script on VM2 it works fine , but when i configure VM1 to run the scriptn on VM3, it overrides hence fails and prompts for the password.

    Goal is to access two or more than two VM2 and VM3 through VM1.
    Individually it works fine but while configuring the both VM2 and VM3 it only runs the script on the latest VM configured.

    Thanks
    Raman

    Reply
    • @Raman,

      Have you followed the same instructions for VM1 to VM2 and VM1 to VM3? could you check the .ssh/authorized_keys file permission on both VM’s? it should be 700 permission on .ssh directory.

      Reply
      • Hello Sir,

        I have followed the same instructions as on the article for ssh connectivity to VM1 to VM2 and VM1 to VM3.
        Also the permissions are 700 for .ssh directory on both the VMs as well as on the VM1.

        Thanks
        Raman Sharma

        Reply
  34. I also add the host entry into a config within the .ssh folder.

    Host PC
    Hostname 192.168.0.11
    User sheena
    Port “if not standard”

    then its a simple ssh PC to connect. Also to store key for current session type ssh-add and enter key passphrase.

    Reply
  35. Generated the ssh-keygen on node and copied the id_rsa.pub key in authorized_keys of other client address machine
    and vice versa I have done
    Ex: cat id_rsa.pub and copied in authorized_keys of other client address

    FYI: cat id_rsa.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKWpgaLZISajE/6U3i2cxrf8xhg8OtECLFtx5ZBmpkelLMWBoM4YUZsapjOMiKxWRcx3TjfKJQiOaVEGmUm1Kd8mLwIHUcCrV3XDm2Me+tNorPYGGrKyEbWwDDilfwCQfJ76WavkhHKz4ODm8toRaI+MNfy0ED7ZGCdOnurXsfuym1Q6MhngR24ns+KVbaFI5wz36RLxvvRsFuJq7MVxbwFtuZ5zNWjejSjTwtMi4JTAe4UXjAVBshgL0pExWJ9ZxE+KWNngyS2MyZyKDV30zbpje9ksSgNKVvSZx6deXf/33CqarFlj1D9/J09MoNZn5pNHRPdmnxWQfHO1uFlJNL [email protected]

    Reply
  36. We got this error while testing scp/ssh based password-less authentication

    AUDIT: CHFW0019I: The Transport Channel Service has started chain HttpOutboundChain:servernamexxxx:9080.
    c:
    Could not load module /usr/share/centrifydc/lib/libcrypto.so.
    Dependent module /opt/freeware/lib64/libgcc_s.a(shr.o) could not be loaded.
    The module has an invalid magic number.
    Could not load module scp.
    Dependent module /usr/share/centrifydc/lib/libcrypto.so could not be loaded.
    Could not load module .

    Any idea why ? Is it something to do with directory permissions ?

    Reply
    • @George,

      I think you’re using AIX machine, and I don’t think these instructions works on AIX, and to be fact I never worked on AIX so sorry I can’t help you out..

      Reply
  37. Thanks for the article, I often come refer your site, BTW, How do you make those short video, if you throw me some clues that will be helpful..

    Reply
  38. If remote machine is windows machine. In that case how to configure Public key?
    Could you please let me know the steps?
    Much appreciated.

    Reply
  39. Hi – Thanks for this information. I followed your instructions with the ssh client on Solaris 10 and the target on RHEL-7. If the target has SElinux disabled, it works. But if the target has SElinux enabled, it does not work.
    I was able to fix it by following the instructions here: http://stackoverflow.com/questions/9741574/redhat-6-oracle-linux-6-is-not-allowing-key-authentication-via-ssh

    chown -R : ~/.ssh
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/*
    restorecon -R -v ~/.ssh

    Reply
  40. Hello,

    Thanks for post.
    I have one query :
    I want to reset password of multiple servers with an script, Can we pass password as parameter while ssh to set new password.
    in parameter.

    Thanks !

    Reply
  41. Hi All,
    I have a question on automation.
    I have EMC datadomain boxes runs on proprietary RHEL, I have a command called “df” which will provide status of the file system.
    I would like to add this command into a script along with RSA SSH passwordless authentication with a time out of 30 sec. Can you please help / share some idea

    Reply
    • @Pradeep,

      First create a SSH passwordless authentication on the server that you want to connect to remote host and then create a script with df command and run with cron every 30 seconds..

      Reply
  42. Hi,
    Thanks for your great article. it is really awesome.
    Now I have a question here.. please suggest me…

    suppose I have a server (192.168.0.1) with SSH enable and one of my client (19.168.0.2) is accessing it from any user account. After performing some task on server, the client close the ssh session. Now on server end, I want to check what the client did, which commands did he run (total activity by client)
    could you please tell me ho can I do that on server end?

    Thanks in advance!

    Reply
  43. After following your steps, It’s still asking for password. On one machine, id_rsa.pub was already present and able to do passwordless ssh on most of other client machines but not able to do on one. The one on which, these steps didn;t worked has “.ssh” folder with 700 permission and inside that “authorized_keys” file only with 640 permission. Nothing else is present, I just used following command as id_rsa.pub file was already present:
    cat .ssh/id_rsa.pub | ssh ‘cat >> .ssh/authorized_keys’

    Still asking for password. Can you please help. I have restarted sshd also from my client machine.

    Reply
  44. Below is the error:

    cat .ssh/id_rsa.pub | ssh 192.168.132.131 ‘cat >> .ssh/authorized_keys’
    cat: .ssh/id_rsa.pub: No such file or directory

    Reply
  45. Hi Sir , I have applied the same steps but it was asking the password after entering the password i am able to ssh.

    After that i have restarted the server (instlled on VM) then after doing ssh found the following:

    [email protected]‘s password:
    Permission denied, please try again.
    [email protected]‘s password:
    Permission denied (publickey,password).

    Please help.

    Reply
    • @Sahil,
      Have you created same users on both server? so that the user can have write permission to upload SSH pubic key..The error above clearly stating that you’ve a permission issue..

      Reply
  46. I tried the steps, using my user name for two systems and for some reason, it did not work, Any idea, here is the more details:
    [amishra@RV-159 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/user/amishra/.ssh/id_rsa):
    /user/amishra/.ssh/id_rsa already exists.
    Overwrite (y/n)? y
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /user/amishra/.ssh/id_rsa.
    Your public key has been saved in /user/amishra/.ssh/id_rsa.pub.
    The key fingerprint is:
    fb:a1:06:d4:00:a2:66:4b:77:14:a3:83:86:c4:77:f0 [email protected]
    The key’s randomart image is:
    +–[ RSA 2048]—-+
    |….o=. |
    |oo.o+.o |
    |o*.+.E o |
    |= o o . . |
    | . . S |
    | . . |
    | .. . |
    | .o . |
    | .. . |
    +—————–+
    [amishra@RV-159 ~]$ ssh amishra@rv-106 mkdir -p .ssh
    The authenticity of host ‘rv-106 (10.14.67.97)’ can’t be established.
    ECDSA key fingerprint is 51:d5:e3:15:cf:d2:ef:da:ad:6c:a6:97:ab:26:c3:40.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ‘rv-106,10.14.67.97’ (ECDSA) to the list of known hosts.
    amishra@rv-106’s password:
    [amishra@RV-159 ~]$ cat .ssh/id_rsa.pub | ssh amishra@rv-106 ‘cat >> .ssh/authorized_keys’
    amishra@rv-106’s password:
    [amishra@RV-159 ~]$
    [amishra@RV-159 ~]$ ssh amishra@rv-106 “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”
    amishra@rv-106’s password:
    [amishra@RV-159 ~]$
    [amishra@RV-159 ~]$ ssh rv-106
    amishra@rv-106’s password:
    Last login: Tue Oct 20 16:46:44 2015 from rv-evt.qlogic.org
    [amishra@RV-106 ~]$
    [amishra@RV-106 ~]$
    [amishra@RV-106 ~]$

    I was expecting that for the last ssh rv-106, it will not ask my password. Am I missing something here? Thanks for the nice steps.

    Reply
      • Ravi,

        Same effect.
        [amishra@RV-159 ~]$ ssh amishra@rv-106
        amishra@rv-106’s password:

        Since in my exercise, I am trying same username on two different systems (RV-159 and RV-106), it gets the username anyway, like if you see the error message what I posted earlier, it has got the correct user name “amishra” and it is asking for the password for the same user name in the prompt. “amishra@rv-106’s password:”.
        Probably I am missing something which may be prerequisite to do the above steps. It will be nice to know that.
        Thanks,
        Anil

        Reply
    • @Bheema,
      Sure, your article request accepted and we try to start a new series on Red Hat satellite series soon, till then stay tuned.

      Reply
  47. Hi Ravi,

    I have used this trick , But after some when i am doing ssh , it will show connection lost.Any other alternative method.

    Thanks,
    Anil

    Reply
    • @Anil,
      Try to set SSH TMOUT value to higher. For example, the following variable will set SSH timeout to 120 seconds, you can increase as per your needs.

      # export TMOUT=120
      
      Reply
  48. hi ravi can you mail me i have a question about Indian study i want consulted with you brother if u have free time please this is my whatsapp no +989140748620.

    Reply
  49. Thank you for writing this up!
    One thing though: For some reason I had to restart sshd on my secondary server before it started to accept the connections.

    Reply
  50. Hi!, this method is not working for me. I have followed all the steps, but the server keeps asking for password.
    Thanks in advance

    Reply
  51. Hi Ravi,

    I would like to run security,critical updates on my centos server on weekly basis please suggest to me which is best commands.

    Reply
        • @Sanjay,
          Yes, if you do ‘yum update’ all packages including kernel will update, but I don’t think you will face any issue and it’s always recommended to do a update weekly..

          Reply
  52. I am stuck at Step 3: cat .ssh/id_rsa.pub | ssh user@machine ‘cat >> .ssh/authorized_keys’. While running this I am getting error: “The System cannot find the path specified”. To validate I run only ‘cat .ssh/id_rsa.pub’ and it worked fine. Then when I tried ssh user@machine ‘cat >> .ssh/authorized_keys’ it again gave the same error “The System cannot find the path specified”. I validated the authorized keys path on target machine and it is located at /u/pub/.ssh/authorized_keys. So I run ssh user@machine ‘cat >> /u/pub/.ssh/authorized_keys’ but still getting the same error. Running out of my mind now. Please help.

    Reply
  53. This article is entirely too specific in its naming scheme; readers shouldn’t have to memorize random particulars in order to follow your guide.

    Reply
  54. The instruction is extremely clear and correct. But could you provide why we need to set permission of file “authorized_keys file” to 640?

    Reply
  55. pulling my hair out! I seem to have no issue logging into my ubuntu 14.04 with the account ‘warren’ on both, but i set this up with a user ‘gituser’ on the server and cannot for the life of me get it to login automatically form warren@local to gituser@server. Any tips would be appreciated.

    Reply
    • What are the access-rights of your .ssh-directories? They should be ‘700’ for each user, if not, ssh refuses pw-less login for security reasons.

      Reply
  56. I use this way for ssh communication

    example VM => node1, node2

    1. ssh-keygen node1
    ssh-keygen node2

    2. ssh-copyid node1
    ssh-copyid node2

    that’s all. After doing these, I can use ssh and scp without password input

    Reply
  57. server 1 ip is 192.168.1.1 and second server is 192.168.1.2 i doo all the steps but it asking me for password i set the permission to .ssh 700 and authorised_keys to 640

    Reply
  58. This. just. works. I couldn’t believe it would be so simple. Spent the last 2.5 hours reading dozens of different ‘tutorials’ and nothing worked, this was supposed to be such a simple 5-minute task, i was starting to doubt my own sanity. This was literally my last try, it looked almost ‘too simple’ at first but it saved my evening. Thanks a lot for posting! Frank

    Reply
  59. Hello,

    I have performed above steps but still ssh is asking for password, can any buddy help me on this. Thanks in Advance.

    Regards,

    Reply
  60. For Ubuntu 14.04 some extra pre steps may be needed.

    1. f you messed up already the setup, remove the server 2 from known hosts to restart process.

    ssh-keygen -R hostname

    2. It is good to create the same user in both machines and run this setup as this user.

    3. Turn this user as sudoer and allowed ssh user in both servers.

    For sudoer use command

    visudo

    and copy same root previleges to this user

    For ssh:

    vi /etc/ssh/sshd_config

    at the line starting with

    AllowUsers root

    add you new user with an space in between

    AllowUsers root username

    Also check this variables, you may have to add one

    PermitRootLogin without-password
    PermitRootLogin yes
    UsePAM no

    Reply
  61. Hi Ravi,

    Please see if you can help.

    i have two Linux servers, first server(lniux 5.7) ip x.y.4.112 and another linux server(6.3) ip is x.y.90.23.
    i want a ssh passwordless communication from x.y.90.23 to x.y.4.112.
    manually ssh is allowed.

    i have followed the below steps also.

    1. on server x.y.90.23
    >$ ssh-keygen -t rsa
    >$HOME/.ssh
    2. on server x.y.4.112
    >Copy content of id_rsa.pub file from x.y.90.23 server to all x.y.4.112 server in file authorized_keys under directory $HOME/.ssh/

    But still it is asking for password.
    is it because both server are on different network ?or different linux O.S? or something else.
    i tried locally with two server on the same n/w..that was working..

    Thanks in advance.

    Reply
    • @neelam,
      Please set the correction permissions on ‘.ssh’ directory and ‘authorized_keys’ file on remote hosts (i.e. ip 4.112 ) as shown.

      # chmod 700 .ssh
      # chmod 640 .ssh/authorized_keys
      
      Reply
  62. Hi Ravi,

    Please see if you can help.

    i have two Linux servers, first server(lniux 5.7) ip x.y.4.112 and another linux server(6.3) ip is x.y.90.23.
    i want a ssh passwordless communication from x.y.90.23 to x.y.4.112.
    manually ssh is allowed.
    i have followed the below steps also.

    1. on server x.y.90.23
    >$ ssh-keygen -t rsa
    >$HOME/.ssh

    Reply
  63. Hello Ravi Saive,
    I am managing a lot of servers which have each of them loggin and passwords through a ssh bastion. All servers are centOS based, the ssh bastion to is in centOS, and my laptop iis in windows.
    What I would like to do is to generate a public key on each server, and copy them to a repository in the SSH bastion and if I would like to ssh to a remote serverA, I only do a putty configuration which will permit to only tipe “ssh serverA” and I get connected.
    What would I do to have it?
    What are the configuration needed
    Thanks in advance for your help
    Regards

    Reply
  64. Hello Ravi,
    I followed your steps to do password-less ssh between two ubuntu systems, the commands executed properly, not even single error but after everything still it is asking password to connect.
    ** any different procedure for ubuntu OS???
    Please help me out..

    Reply
    • Procedure is same for all Linux OS’s, but never yet tried on Ubuntu systems, will try and let you know, why its still asking for password.

      Reply
  65. Hello Can you help me. While setting up ssh key i forgot to give 600 permission to authorized_keys file and now connection is closed please help me with this, now how can i login to other server its always showing connection closed by some ip. Please help

    Reply
  66. Hi ,

    I was able to successfully able to login to server 2 passwordlessly from server 1. But this is getting reset after a while( maybe after 24 hours) and again i have to enter password. How to make this change permanent.

    Reply
    • No, it will not automatically reset itself, someone from you team might doing it or some scripts might reset your ssh logins.

      Reply
    • Or probably there’s system configuration management (like chef, puppet, ansible and the like) that governs (your infrastructure) the ssh authorized_keys.

      Reply
  67. I fought with this for a while and found that the permissions on the user’s home directory needed to be updated from:

    drwxrwxr-x

    to:

    drwxr-xr-x

    by running the following as the user in the user’s home dir:

    [user@host ~]# chmod 755 .

    This fixed it for me.

    Reply
  68. I have followed the steps given

    But I think there is a problem with the user I am trying to login with because of which passwordless ssh is NOT working

    Reply
  69. Thank you and it work perfectly. But I think those that got problems using this guidelines was because of SELinux. Cause I experienced the same following this guide in a centos/rhel environment.

    Just do the either of the below commands and afterwards you should be able to ssh without asking for password.

    [root@centossrv1 ~]# ssh root@tester1 “restorecon -R /root/”
    root@tester1’s password:

    or

    [root@tester1 ~]# restorecon -R /root/

    Again, thank you tecmint and more power!

    Reply
    • [root@centossrv1 ~]# cat .ssh/id_rsa.pub | ssh root@tester1 ‘cat >> .ssh/authorized_keys’
      root@tester1’s password:
      [root@centossrv1 ~]# ssh root@tester1 “chmod 700 .ssh; chmod 640 .ssh/authorized_keys; chmod go-rwx .ssh/authorized_keys”
      root@tester1’s password:

      Well, this was I did. in my case.

      Thanks again!

      Reply
  70. hi ,

    I followed the above steps but unable to connect without pasword. my os is cento 6.5…there is use root instead of user on both users…. i think this is not a big mistake….. #scp id_rsa.pub [email protected].. but i am not able to get in…Could you please help me out…


    Thanks
    Jagan

    Reply
  71. Ravi,
    Followed your steps, one by one without error, and still it is asking for password.

    Local machine:
    $ uname -a
    Linux xxxxx 2.6.18-164.2.1.el5 #1 SMP Mon Sep 21 04:37:42 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

    Remote machine:
    $ uname -a
    Linux yyyyyy 2.6.18-128.el5 #1 SMP Wed Jan 21 08:45:05 EST 2009 x86_64 x86_64 x86_64 GNU/Linux

    Reply
  72. I was enabling ssh passwordless login sun solaris server. I followed all the steps above.
    But it still prompting for password.

    I tried to debug. Here is the debug output.

    ssh -v [email protected]
    Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to 192.6.14.41 [192.6.14.41] port 22.
    debug1: Connection established.
    debug1: identity file /appbin/oracle/uccdev/.ssh/identity type -1
    debug1: identity file /appbin/oracle/uccdev/.ssh/id_rsa type 1
    debug1: identity file /appbin/oracle/uccdev/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.3
    debug1: match: Sun_SSH_1.1.3 pat Sun_SSH_1.1.*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-Sun_SSH_1.1.3
    debug1: use_engine is ‘yes’
    debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
    debug1: pkcs11 engine initialization complete
    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
    Unknown code 0
    )
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: Peer sent proposed langtags, ctos: i-default
    debug1: Peer sent proposed langtags, stoc: i-default
    debug1: We proposed langtags, ctos: i-default
    debug1: We proposed langtags, stoc: i-default
    debug1: Negotiated lang: i-default
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: Remote: Negotiated main locale: C
    debug1: Remote: Negotiated messages locale: C
    debug1: dh_gen_key: priv key bits set: 125/256
    debug1: bits set: 1628/3191
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host ‘192.6.14.41’ is known and matches the RSA host key.
    debug1: Found key in /appbin/oracle/uccdev/.ssh/known_hosts:1
    debug1: bits set: 1563/3191
    debug1: ssh_rsa_verify: signature correct
    debug1: newkeys: mode 1
    debug1: set_newkeys: setting new keys for ‘out’ mode
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: set_newkeys: setting new keys for ‘in’ mode
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Next authentication method: gssapi-keyex
    debug1: Next authentication method: gssapi-with-mic
    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
    Unknown code 0
    )
    debug1: Next authentication method: publickey
    debug1: Trying private key: /appbin/oracle/uccdev/.ssh/identity
    debug1: Trying public key: /appbin/oracle/uccdev/.ssh/id_rsa
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Trying public key: /appbin/oracle/uccdev/.ssh/id_dsa
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password:

    Can you please help me out?

    Reply
  73. Seems I have a permission error when trying to create the .ssh directory. Could you help?

    Could not chdir to home directory /var/services/homes/Inspections: Permission denied
    mkdir: can’t create directory ‘.ssh’: Permission denied

    Reply
      • Yes I re-did all the steps and it has worked. I have one more question. I have a second server I’d like to add to authorized_keys

        Can you tell me the proper syntax to append the file for Step 3 above so that both servers can login?

        Reply
  74. I think a lot of problems with the two-way connection between Fedora might be an SELinux issue?…..just throwing that one out there!….and thanks for the article…very educational!!

    Reply
  75. how would it work if the account (1) is being used in a SCP command as scp file act1@home machine where acct 1 is not defined to where the SCP command is running ( remote machine ?

    Example:

    Unix 2 uses acct2 has its home env and executes the scp file acct1@localmachine where acc1 is defined.

    Does an authorized_keys file into the .ssh directory of acct1 needed?

    Reply
  76. hi can u help me.

    in my fedora 19 system on gui base the sftp not working but on terminal when i login to sftp it is working fine can u give me the solution of this error.

    Reply
  77. my server is down when i want to login through putty using ssh it gives error connection time out …now i want o work on my server how can i login through putty to work on it

    Reply
  78. i tried the same approach i was able to login from one env to another but while trying to fire sudo su – Command its still asking for password :(

    Reply
  79. I followed the above steps which mentioned by you. But still when i try to do ssh, its asking for password. can you pls let me know is there anything i have to do. i am trying to login from fedora 18 to fedore 11. please guide

    Reply
    • Have you uploaded Generated Public Key to remote server under authorized_keys file?. Please check content of authorized_keys file.

      Reply
  80. A great tip, thanks. Used with mySQL in order to dump and load a database from one server to another. See here:

    ssh -C user@host ‘mysqldump -u dbuser –password=dbpass -D dbname | gzip’ | gzip -d | mysql -u dbuser –password=dbpass -D dbname

    Thanks, again!

    Reply
  81. Hello. Here are some preliminary system specs:

    Local: Fedora 18 (Desktop Interface)
    Server: Ubuntu 12

    Setting up password-less ssh works fine from Ubuntu system to Ubuntu Server. From Fedora, not so much. The “copy-id” command works, and initially requests the password to fulfill the request. From Fedora, I ssh into my Ubuntu server and it still prompts for a password. Is there something different in sshd or elsewhere that we should be reviewing?

    Troubleshooting:

    I rebooted both devices to ensure that all services restart, and also verified that the services were running upon reboot.

    Any information on this would be most helpful. Thank you.

    Reply
  82. Hi,

    I followed above steps but still not able to connect to my server without password.
    i am using
    server 1 : Red Hat Enterprise Linux Server release 5.5
    server 2 : Red Hat Enterprise Linux Server release 6.2
    i want to connect from server one to two without password.

    please help.

    Thanks and Regards,

    Arivnd.S

    Reply
    • Login into server1 and run the following commands.

      ssh-keygen -t rsa
      ssh user@server2 mkdir -p .ssh
      cat .ssh/id_rsa.pub | ssh user@server2 'cat >> .ssh/authorized_keys'
      ssh user@server2 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
      

      Now try to login to server2, it will won’t prompt you to enter password. Try and let me know.

      ssh user@server2
      

      Thanks..

      Reply
  83. In my opinion, our created id_rsa.pub key at host node copy to other two nodes’s home directory. then create authuorized_keys on other two site. Is it true?

    Reply
  84. one-to-one connection without passwordless was successfully. But one-to-two connection was failed, first one is successful, second one is not login without password. help me??

    Reply
  85. this didn’t work for me :(

    Mine are 2 CentOS 5.8 servers, but I don’t know why this didn’t work. Can someone help out?

    Reply
  86. Most of the time this works great for me, which is important because as part of an automated test environment I have scripts that need to send root commands to other systems on their LANs with ssh and if the target system prompts for a password the script fails. However, I have a Fedora 16 system that refused to honor the authorized_keys file in roots ~/.ssh and prompts for a password anyway. I don’t know what is causing it to do that, when the other Linux boxes all work fine (and the Fedora box works fine for non-root use logins). Note, the system does let me ssh login as root, because I can enter the pasword, but not the script.

    Reply
  87. I don’t do this with Fedora and Ubuntu GNU/Linux System. Ubuntu to Fedora is great, but trying with Fedora to Ubuntu, no function. I need help. Please.

    Thanks.

    Reply
    • Can you tell exactly what errors you getting or you could post them here. so we could work out and give you a way to communicate your fedora to Ubuntu system.

      Reply
  88. For Debian only 3 steps :)
    1) Generate ssh keys.
    2) Run ‘ssh-copy-id’ (copy your ssh public key ) to remote host
    3) login to remote host using ssh keys.

    Reply

Got something to say? Join the discussion.

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.