Using SSH login without password
This is a simple article that provides the necessary steps to allow ssh login without the need of entering the users password
serverA generate a pair of authentication keys:
user@serverA$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa): <Enter>
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in /home/usera/.ssh/id_rsa.
Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
do not enter a passphrase,
To generate an SSH1 RSA or SSH2 DSA key pair, specify the
-t rsa1 or
-t dsa options.
- use ssh to create a directory
~/.ssh on serverB and append
usera ssh public key
usera@serverB:.ssh/authorized_keys and enter the users password one last time:
usera@serverA$ ssh usera@serverB mkdir -p .ssh
usera@serverA$ cat .ssh/id_rsa.pub | ssh usera@serverB 'cat >> .ssh/authorized_keys'
An alternative on some Linux systems, is to use the
ssh-copy-id script to append the public key in the local
~/.ssh/id_rsa.pub file to the
~/.ssh/authorized_keys file on the remote system, for example:
usera@serverA$ ssh-copy-id usera@serverB
usera@serverB's password: remote_password
Now try logging into the machine, with "ssh 'usera@serverB'", and check in:
to make sure we haven't added extra keys that you weren't expecting.
When prompted, enter your password for the remote system.
The script also changes the permissions of
~/.ssh/authorized_keys on the remote system to disallow access by your group.
- Now it's a simple as:
usera@serverA$ ssh usera@serverB
- Verify that the permissions on the remote
~/.ssh directory and
~/.ssh/authorized_keys file allow access only by you:
usera@serverA$ ssh usera@serverB ls -al .ssh
drwx------+ 2 usera mygrp 5 Feb 10 15:47 .
drwxr-xr-x+ 3 usera mygrp 9 Feb 10 15:48 ..
-rw-------+ 1 usera mygrp 397 Feb 10 15:48 authorized_keys
NOTE: On some systems you need to place the public key in the file