How to Enable Passwordless Authentication with SSH

July 28, 2007

You often have automated scripts that need access to multiple machines from a single source and must do so without dealing with SSH password prompts. In other cases you may have a bastion host (strong point) security model from which you would like passwordless communication. Below are 10 steps for setting up passwordless authentication with SSH in Linux.

Step 1:
(Note: server1 is the source server and server2 is the destination server.)

server1# mkdir ~/.ssh

Step 2:

server1# cd ~/.ssh

Step 3:

server1# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (“your_local_home”/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
18:6a:e3:78:ab:2d:0c:8e:f9:67:f7:30:32:44:77:34 phil@server1

Step 4:

server1# scp ~/.ssh/id_rsa.pub phil@server2.philchen.com:/home/phil/id_rsa.server1.pub

Step 5:

server1# ssh phil@server2.philchen.com
Password:

Step 6:

server2# mkdir .ssh

Step 7:

server2# chmod 700 .ssh

Step 8:

server2# cat id_rsa.server1.pub >> .ssh/authorized_keys

Step 9:

server2# chmod 644 .ssh/authorized_keys

Step 10:

server2# exit
server1# ssh phil@server2.philchen.com

Note: repeat steps 4-10 for every target server you would like passwordless access to from server1.

FYI: ensure your /home/user directory has permission 755 as well!

You should be all set!
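If server2 still prompts for a password after these steps, the file modes set in steps 7 and 9 and in the note about the home directory are the first thing to check, because sshd's StrictModes option (on by default) ignores authorized_keys when the path to it is writable by group or others. The script below is an added example, not part of the original post; it assumes Linux with GNU stat, and the helper names check_ssh_perms and mode_of are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux with GNU stat.
# check_ssh_perms and mode_of are hypothetical helper names.
# Ownership, which sshd also checks, is not examined here.

# Print the octal permission bits of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# check_ssh_perms HOME_DIR
# Returns 0 when the modes would pass, 1 otherwise, printing each problem.
check_ssh_perms() {
    home=$1
    rc=0
    # sshd with StrictModes ignores authorized_keys when any of these
    # is writable by group or others (mask 022).
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        m=$(mode_of "$p")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "FAIL $p mode $m: writable by group or others"; rc=1
        fi
    done
    # The ssh client refuses a private key that group or others can
    # access at all (mask 077). Public halves (*.pub) are skipped.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        m=$(mode_of "$k")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "FAIL $k mode $m: private key accessible by group or others"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK $home"
    return "$rc"
}

# Run against a directory given on the command line, e.g. sh check.sh "$HOME"
[ "$#" -eq 0 ] || check_ssh_perms "$1"
```

Run it on server2 against the target account's home directory, and on server1 to confirm the private key from step 3 is not accessible to other users.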

Comments for “How to Enable Passwordless Authentication with SSH”

  1. Cool post, can we get more of these.

  2. DMC commented on June 21, 2012

    In our environment the home directory is mounted to all of our Linux servers. I’ve previously set up ssh in a manner similar to what you indicate here and am able to use ssh to connect to servers without the password prompt. I’ve recently tried to set up another user in the same fashion and it will not work, she still gets prompted for a password. Any idea why this won’t work for her when it does for me?

    Thanks!

  3. Make sure the ssh key is 600 permission wise. That might be the issue but not quite sure. Also make sure you cat the new user’s pub key and don’t cut and paste it into the authorized_keys file on the target server. Hope that helps.

  4. WhyTigr commented on October 15, 2012

    FYI .. You really do not need to create the directories as the ssh-keygen will create them in the appropriate place (e.g. $HOME/.ssh) and will even set the permissions properly for the directory/keys as well.

    Also noteworthy, are the -t and -b parameters for the “ssh-keygen” program. Using “-t” allows one to change the key type generated and “-b” grants the ability to specify the number of bits (or strength) of the key (higher numbers = longer to crack). 768-32768 for RSA and RSA1, 1024 for DSA — RSA1 for protocol version 1, RSA/DSA for protocol version 2.

    If you aren’t really concerned about security on your LAN, don’t bother running this for every computer you want to log into, just simply generate the private and public keys, copy/cat the .pub to authorized_keys as instructed above, then scp the whole directory to each machine and finally, ensure the file permissions remain the same as the originating machine.

    Hope this helps!
