Hack 72. Setup SSH passwordless login in OpenSSH

by Ramesh

You can login to a remote Linux server without entering password in 3 simple steps using ssky-keygen and ssh-copy-id as explained in this example.

ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

Step 1: Create public and private keys using ssh-key-gen on local-host

  1. jsmith@local-host$ ssh-keygen
  2.  
  3. Generating public/private rsa key pair.
  4. Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
  5. Enter passphrase (empty for no passphrase): [Press enter key]
  6. Enter same passphrase again: [Pess enter key]
  7. Your identification has been saved in /home/jsmith/.ssh/id_rsa.
  8. Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
  9. The key fingerprint is:
  10. 33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

  1. jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
  2.  
  3. jsmith@remote-hosts password:
  4. Now try logging into the machine, with ssh remote-host’”, and check in:
  5. .ssh/authorized_keys to make sure we havent added extra keys that you werent expecting.
  6.  
  7. Note: ssh-copy-id appends the keys to the remote-hosts .ssh/authorized_key.

Step 3: Login to remote-host without entering the password

  1. jsmith@local-host$ ssh remote-host
  2.  
  3. Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
  4.  
  5. [Note: SSH did not ask for password.]
  6.  
  7. jsmith@remote-host$ [Note: You are on remote-host here]