Automated scripts often need access to multiple machines from a single source without having to deal with ssh password prompts. In other cases you may have a bastion host (strong point) security model from which you would like passwordless communication. Below are 10 steps to setting up passwordless authentication with SSH in Linux.
Step 1:
(Note: server1 is the source server and server2 is the destination server.)
server1# mkdir ~/.ssh
Step 2:
server1# cd ~/.ssh
Step 3:
server1# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (“your_local_home”/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
18:6a:e3:78:ab:2d:0c:8e:f9:67:f7:30:32:44:77:34 phil@server1
Step 4:
server1# scp ~/.ssh/id_rsa.pub phil@server2.philchen.com:/home/phil/id_rsa.server1.pub
Step 5:
server1# ssh phil@server2.philchen.com
Password:
Step 6:
server2# mkdir .ssh
Step 7:
server2# chmod 700 .ssh
Step 8:
server2# cat id_rsa.server1.pub >> .ssh/authorized_keys
Step 9:
server2# chmod 644 .ssh/authorized_keys
Step 10:
server2# exit
server1# ssh phil@server2.philchen.com
* Note: repeat steps 4-10 for every target server you would like passwordless access to from server1.
* FYI: ensure your /home/user directory has permission 755 as well!
You should be all set!
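If key login still falls back to a password prompt, the permissions set in steps 7 and 9 and in the notes above are the first thing to check. The script below is an added example, not part of the original post: the function names are made up for illustration, and it assumes sshd is running with its default "StrictModes yes" and that GNU stat is available, as on Linux.

```sh
#!/bin/sh
# Added example (not from the original post): audit the permissions that
# steps 7 and 9 and the closing notes set by hand.
# Assumption: sshd uses its default "StrictModes yes", under which it ignores
# authorized_keys when the home directory, ~/.ssh or the file itself is
# writable by group or others. File ownership is not checked here.

# mode_has_bits PATH MASK -> true if any bit of octal MASK is set on PATH
mode_has_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_ssh_perms HOME_DIR [PRIVATE_KEY]
# Prints one line per finding and returns the number of findings.
audit_ssh_perms() {
    home=$1
    key=${2:-$home/.ssh/id_rsa}
    findings=0

    # Server side (server2): none of these may be group/world-writable.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if mode_has_bits "$p" 022; then
            echo "FAIL $p is group/world-writable: sshd will ignore authorized_keys"
            findings=$((findings + 1))
        fi
    done

    # Client side (server1): ssh refuses a private key that group or
    # others can access at all.
    if [ -e "$key" ] && mode_has_bits "$key" 077; then
        echo "FAIL $key is accessible by group/others: ssh will not use it"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK $home"
    return "$findings"
}

# Usage, as the affected user on either server:
#   audit_ssh_perms "$HOME"
```

A home directory of 755, a .ssh directory of 700 and an authorized_keys file of 644, as set in the steps above, all pass this check.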
Cool post, can we get more of these.
In our environment the home directory is mounted to all of our Linux servers. I’ve previously set up ssh in a manner similar to what you indicate here and am able to use ssh to connect to servers without the password prompt. I’ve recently tried to set up another user in the same fashion and it will not work, she still gets prompted for a password. Any idea why this won’t work for her when it does for me?
Thanks!
Make sure the ssh key is 600 permission wise. That might be the issue but not quite sure. Also make sure you cat the new user’s pub key and don’t cut and paste it into the authorized_keys file on the target server. Hope that helps.
FYI .. You really do not need to create the directories as the ssh-keygen will create them in the appropriate place (e.g. $HOME/.ssh) and will even set the permissions properly for the directory/keys as well.
Also noteworthy are the -t and -b parameters for the “ssh-keygen” program. Using “-t” allows one to change the key type generated and “-b” grants the ability to specify the number of bits (or strength) of the key (higher numbers = longer to crack). 768-32768 for RSA and RSA1, 1024 for DSA — RSA1 for protocol version 1, RSA/DSA for protocol version 2.
If you aren’t really concerned about security on your LAN, don’t bother running this for every computer you want to log into, just simply generate the private and public keys, copy/cat the .pub to authorized_keys as instructed above, then scp the whole directory to each machine and finally, ensure the file permissions remain the same as the originating machine.
Hope this helps!