SSH (Secure Socket Shell) is an important and trusted protocol, which we use to log in to the remote servers securely so that we can execute our required commands and program.
Whether you are dealing in IT infrastructure services or working on any client machine, sometimes it become our need to do the Passwordless SSH login between two remote servers. This type of login also help us in setting up various monitoring scripts as well as correctly configuring our DR (Disaster Recover) Infrastructures.
To set up Passwordless SSH login in Linux, you can follow these steps:
Step 1:
Generate SSH Key Pair: First, you need to generate an SSH key pair on the client machine (from where you want to connect to the remote server). Open a terminal and run the following command:
ssh-keygen -t rsa
Now, you will see below output:
bash-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/mohitchaudhary/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/mohitchaudhary/.ssh/id_rsa
Your public key has been saved in /Users/mohitchaudhary/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:mmz6HwVZ18alZKxUXhK/PvCz9YRadQOEqDGcufrZSro mohitchaudhary@MOHITs-MacBook-Air.local
The key's randomart image is:
+---[RSA 3072]----+
| . o o o**oo|
| * + oo+== |
| B . +o .|
| o . . . .|
| . S . . oo|
| o o . +oo|
| *.+ o=o|
| ooo o o .*|
| .Eooo . ..|
+----[SHA256]-----+
bash-3.2$ ls -ltrh /Users/mohitchaudhary/.ssh/ | grep id_rsa
-rw------- 1 mohitchaudhary staff 2.6K May 31 14:19 id_rsa
-rw-r--r-- 1 mohitchaudhary staff 593B May 31 14:19 id_rsa.pub
It will generate a public key (id_rsa.pub) and a private key (id_rsa) in the ~/.ssh directory
Step 2:
Copy the public key to the ~/.ssh/authorized_keys file on the remote server:
You can use the following command to copy the public key to the remote server:
ssh-copy-id username@remote_server_ip
Replace username with your username on the remote server and remote_server_ip with the IP address or hostname of the remote server. It will prompt you to enter the password for the remote server. Once you provide the password, it will copy the public key to the appropriate location on the server.
If the ssh-copy-id command is not available on your system, you can manually append the content of the public key file (~/.ssh/id_rsa.pub) to the ~/.ssh/authorized_keys file on the remote server.
Note: If this authorized_key file is not present on the remote server the you can manually create the same and paste the pub key content in this file.
Step 3 (Testing):
Test the passwordless login: Now, you should be able to SSH into the remote server without being prompted for a password. Run the following command to test it:
ssh username@remote_server_ip
If everything is set up correctly, you should be logged in to the remote server without needing to enter a password.
Step 4 (Optional):
Disable password-based authentication (optional): For added security, you can disable password-based authentication on the remote server. Open the SSH server configuration file (usually located at /etc/ssh/sshd_config) on the remote server and locate the line that starts with PasswordAuthentication. Set its value to no. Save the file and restart the SSH service for the changes to take effect:
sudo service ssh restart
After making this change, you will only be able to log in via SSH using the SSH key pair.
That’s it! Hope it helps. Cheers!!!
I have find this article very useful in setting up my Passwordless ssh login. Explained in short and simple way helped me a lot. Thanks for posting such a wonderful and useful article.