Tag Archives: passwordless ssh

How to Configure Passwordless SSH login in Linux

This process involves two steps:

  • Generating a public authentication key
  • appending it to the remote hosts’ authorized_keys file.

Generate Authentication Key

If an SSH authentication key does not already exist on the client, generate one by running the ssh-keygen command.  When prompted for a passphrase, use a blank passphrase if fully password-less login is desired:

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:SV+/61UbEnJMJeTP4gvRY1Jxwv4HR8Hd2yqCBBt6p74 user@client.domain.local
The key's randomart image is:
+---[RSA 2048]----+
|            o*o++|
|      o     +.=.+|
|     . +.  .o* .o|
|    . o.oo .=o=.o|
|     . +S..o *oB.|
|      . . . * =o=|
|     .     o o..o|
|      .     . .o |
|      E.     oo  |

Copy the Public Key to the Remote Host

Use the ssh-copy-id command to install the public half of the new authentication key to the remote host.  The ssh-copy-id command will automatically append the identity information into the ~/.ssh/authorized_keys file for the specified user on the remote host.  It will create the authorized_keys file if necessary.

#ssh-copy-id -i ~/.ssh/id_rsa.pub user@remotehost.domain.local
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@remotehost.domain.local's password: 
Number of key(s) added:        1
Now try logging into the machine, with:   "ssh 'user@remotehost.domain.local'" and check to make sure that only the key(s) you wanted were added.