understandable linux tips, tricks and tutorials

Quite often, you want to ssh into a remote server without having to enter a password. I use this mostly for scripts that I want to run non-interactively, like the rdiff-backup script I use for backing up my home computer to a remote server. SSH allows you to do this in a relatively secure way using public key authentication.


The first thing you’ll need is a working ssh server that you want to access, and an ssh client on the computer you want to access it from. ssh is such a common tool in Linux that the client should come pre-installed on your distribution. I’m assuming that you’re looking for answers on this topic because you already have an ssh server you want passwordless access to, so I’m not going to go into detail on setting up an ssh server, although I will cover setting up an existing ssh server for passwordless login.

setting up the server for passwordless login

You will need to make sure that the server will accept passwordless logins. This means you have to enable public key authentication on the server. To do this, open up /etc/ssh/sshd_config in a text editor (I would suggest nano or kate). Then make sure that the following two lines are uncommented, or if not there, add them in. To uncomment the line, remove the ‘#’ from the beginning of the line:

RSAAuthentication yes
PubkeyAuthentication yes

You will need to restart the ssh server. Do this with:

/etc/init.d/ssh restart

Finally make sure that permissions are right on the server. If there’s no ~/.ssh directory, make one:

mkdir ~/.ssh

Once you’ve got a ~/.ssh directory, change the permissions using:

chmod 700 ~/.ssh

That should be enough to set up the server side of things.
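sshd's StrictModes setting, which is on by default, makes the server ignore authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others, which is why the chmod above matters. The following is an added example, not part of the original article: it reports any of those three paths that has the wrong write bits. The function name audit_ssh_perms is made up here, and file ownership is not checked.

```shell
#!/bin/sh
# Added example: audit the write bits that sshd's StrictModes check looks at.
# Usage: audit_ssh_perms /home/username
# Prints one line per finding; returns 0 only if no path is group/world writable.
audit_ssh_perms() {
    home_dir=$1
    problems=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            # Not a permission problem, but worth knowing when a login fails.
            echo "missing: $p"
            continue
        fi
        # -H follows a symlink given on the command line, -prune keeps find
        # on the path itself, and -perm -020 / -002 match the group-write
        # and other-write bits.
        if [ -n "$(find -H "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world writable: $p"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Typical fix for what it reports (the article's chmod plus the key file):
#   chmod go-w ~ && chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys
```

Run it on the server as the user you log in as, for example audit_ssh_perms "$HOME", when a key that was copied correctly is still being refused.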

setting up the client side of the equation

First you’ll need to set up a key pair. If you already have the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, you should be good to go. If not, then you need to create them. Use the following command:

ssh-keygen -t rsa

You will then be asked some questions. Simply hit “Enter” to answer them all:

Generating public/private rsa key pair. 
Enter file in which to save the key (/home/skx/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again:
Your identification has been saved in /home/skx/.ssh/id_rsa.
Your public key has been saved in /home/skx/.ssh/id_rsa.pub.

Leaving the passphrase empty means that the private key can be used without entering a passphrase, which is the whole point of “passwordless” login. Now we can do a little magic. Previously when setting up passwordless logins with ssh, I’ve gone through a dance of copying keys from the local computer to the remote computer. However, now I’ve found a new programme that does all this automagically. So, type this into a terminal:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host

Obviously you will need to replace “username” with the user you want to log in as on the remote computer, and “remote_host” with the IP address or hostname of the ssh server. This command will ask you for a password. Don’t be alarmed: it needs the password once in order to install the key that makes later logins passwordless. Once you’ve done this, you should be good to go. Try logging into the remote server, and you should be password free.
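Because the key generated above has no passphrase, anyone who obtains a copy of ~/.ssh/id_rsa can log in as that user, so for a key used only by a script it is worth limiting what the key may do on the server. The following is an added example, not part of the original article: it appends a public key to authorized_keys the way ssh-copy-id does, but prefixed with options that pin the key to one forced command. It assumes an OpenSSH server that understands the restrict option (7.2 or later); the function name and the /usr/local/bin/backup-only wrapper are hypothetical.

```shell
#!/bin/sh
# Added example. Run on the server as the account being logged into.
# Usage: install_restricted_key AUTH_FILE PUBKEY_FILE FORCED_COMMAND
#   e.g. install_restricted_key ~/.ssh/authorized_keys /tmp/id_rsa.pub \
#            /usr/local/bin/backup-only        # hypothetical wrapper script
install_restricted_key() {
    auth_file=$1
    pubkey_file=$2
    forced_cmd=$3

    # A double quote would end the command="..." option early.
    case $forced_cmd in
        ''|*\"*) echo "bad forced command" >&2; return 2 ;;
    esac

    # Accept only a one-line file, so a private key is never appended by mistake.
    [ -r "$pubkey_file" ] || return 2
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || return 2
    key_type='' key_blob='' key_comment=''
    read -r key_type key_blob key_comment < "$pubkey_file" || :
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 2 ;;
    esac
    [ -n "$key_blob" ] || return 2

    # Same directory and modes the article sets up by hand.
    mkdir -p "$(dirname "$auth_file")"
    chmod 700 "$(dirname "$auth_file")"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Idempotent: do nothing if this key is already installed.
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi
    # "restrict" turns off forwarding and pty allocation; command= replaces
    # whatever the client asks to run with the one forced command.
    printf 'restrict,command="%s" %s %s%s\n' "$forced_cmd" \
        "$key_type" "$key_blob" "${key_comment:+ $key_comment}" >> "$auth_file"
}
```

With an entry like this, a login using the key runs only the forced command, whatever the client requests; interactive logins need a separate key.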

15 Comments
  1. Thank you very much!!!! This has been so clear and sooooo easy!!!!

  2. Awesome article… Helped me a lot … Simple..

    Suggestion: When we try to add the key there may be an error ” Host key verification failed.”

    Please also give suggestion to delete the corresponding line if the error persists.

  3. Suggestion: When we try to add the key there may be an error ” Host key verification failed.”
    +1

  4. Is this method secure enough for a production environment? It would seem that some would want the added security of forcing a password for authentication. Plus it helps one remember their password, if they are using it to login often. I typically change the ssh port for added security.

    • I wouldn’t use it in a production environment. I use it on my home network for convenience. There is always a trade-off between security and convenience – you’ll have to make your own assessment of where you are comfortable on that continuum.

  5. Also mention the need for both the users (local and remote) to have a home directory setup. What are the required settings related to this?

  6. ssh-keygen -t dsa -f ~/.ssh/airtonix.edge.local -C "airtonix@edge.local" && cat ~/.ssh/airtonix.edge.local.pub | ssh airtonix@edge.local 'cat - >> ~/.ssh/authorized_keys'

    orzin.local is the client
    edge.local is the server.

    this doesn’t work.

    however from the server's point of view :

    ssh-keygen -t dsa -f ~/.ssh/airtonix.orzin.local.id_dsa -C "airtonix@orzin.local" && cat ~/.ssh/airtonix.orzin.local.id_dsa.pub | ssh airtonix@orzin.local 'cat - >> ~/.ssh/authorized_keys'

    Does work.

    so in summary, I can passwordless login from edge to orzin, but not from orzin to edge.

    any ideas


  7. airtonix:

    ssh-keygen -t dsa -f ~/.ssh/airtonix.edge.local -C "airtonix@edge.local" && cat ~/.ssh/airtonix.edge.local.pub | ssh airtonix@edge.local 'cat - >> ~/.ssh/authorized_keys'
    orzin.local is the client
    edge.local is the server.
    this doesn’t work.
    however from the server's point of view :
    ssh-keygen -t dsa -f ~/.ssh/airtonix.orzin.local.id_dsa -C "airtonix@orzin.local" && cat ~/.ssh/airtonix.orzin.local.id_dsa.pub | ssh airtonix@orzin.local 'cat - >> ~/.ssh/authorized_keys'
    Does work.
    so in summary, I can passwordless login from edge to orzin, but not from orzin to edge.
    any ideas

  8. very clear, thanks.

    itconsult.hk/blog

  9. Hi,
    Awesome article..

    The above procedure helps you to login from master node (say) to slave node (say). To do passwordless login from slave node to master, create a keypair in master node also and copy that in slave node.

    In the entire process it would be better to change the permission of the file id_rsa.pub to 600.

    I had tried in my system and is working fine..
    Thanx.

  10. Hi,
    Great & explanatory article.
    Can you please let me know how to do tunneling with autossh.

    Thanks
    Karan


Site last updated October 20, 2012 @ 12:53 pm; This content last updated September 13, 2012 @ 1:10 am