SSH (Secure Shell) is a secure, open-source network protocol that allows users to log in securely to remote Linux systems and other network devices. The protocol is also used to transfer files between Linux systems using the Secure Copy (SCP) protocol.
Usually, SSH prompts users for a password before login. However, you can configure passwordless SSH login from your Linux system to another remote Linux system. This enhances trust and comes in handy in cron jobs that back up files remotely using the SCP protocol.
In this guide, you will learn how to set up passwordless SSH login using SSH keys to increase trust between two servers.
Set up environment
ssh client : 66.152.163.19 (Ubuntu 18.04)
ssh remote Host : 173.82.2.236 (CentOS 7)
Generate SSH keys on the client system ( 66.152.163.19 )
The first step in setting up a passwordless login is to generate SSH authentication keys on the client system. SSH keys are digital keys that create trust between Linux systems.
To generate the SSH keys, execute the command:
$ ssh-keygen
You will be prompted for the file in which to save the key. Hit ‘Enter’ to save it in the default location (the .ssh directory under your home directory, which is /root/.ssh for the root user used in this guide).
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Hit Enter.
Next, you will be prompted for a passphrase. Since we are setting up a passwordless login, hit ‘Enter’ twice to skip it. The private key is then stored unencrypted on the client.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Hit ‘Enter’ on both occasions.
The ssh-keygen command generates both public and private SSH keys and stores them in the /root/.ssh directory.
To verify run:
ls /root/.ssh
The public key is denoted by id_rsa.pub.
The private key is denoted by id_rsa.
Copying the ssh public key to the remote system (173.82.2.236)
The next step is to copy the public key to the remote Linux server. This is done using the ssh-copy-id command as shown below.
ssh-copy-id remote_username@server_ip_address
In our example, the command will be:
ssh-copy-id root@173.82.2.236
You will be asked if you are sure you want to continue connecting. Type yes and hit ‘Enter’.
The authenticity of host '173.82.2.236 (173.82.2.236)' can't be established.
ECDSA key fingerprint is SHA256:U4aOk0p30sFjv1rzgh73uhGilwJ2xtG205QFqzB9sns.
Are you sure you want to continue connecting (yes/no)? yes
Next, you will be prompted for the remote system’s password. Type the password and hit ‘Enter’.
root@173.82.2.236's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@173.82.2.236'"
and check to make sure that only the key(s) you wanted were added.
The SSH public key will be saved in the /root/.ssh/authorized_keys file on the remote system.
Logging in to the remote system
Having copied the public ssh key to the remote system, you can now log in without being prompted for a password as shown.
ssh server-ip-address
For our case, this will be:
ssh 173.82.2.236
And that’s how you set up passwordless SSH login from a client Linux system to a remote Linux server.
- Delete the public key from the client system. If you think that the private key is compromised, delete the public key from the remote server and set it up again.
- The above SSH command works without a username because we are using the root user on both servers. If you have set up passwordless login for some other user, provide that username in the SSH command too.
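
The note above says to delete the public key from the remote server if the private key may be compromised. The following is an added example, not part of the original guide, of listing the entries in an authorized_keys file and removing every entry for one key. The function names (key_blob, list_keys, revoke_key) are illustrative, the sample keys are constructed, and it assumes a POSIX shell with awk and mktemp.

```sh
#!/bin/sh
# Added example; function names are illustrative, sample keys are constructed.

# Print the base64 key blob (second field) of a .pub file.
key_blob() { awk 'NF >= 2 { print $2; exit }' "$1"; }

# List entries as "line key-type comment" so unexpected keys stand out.
list_keys() {
    awk '/^[[:space:]]*(#|$)/ { next }
    { for (i = 1; i <= NF; i++)
        if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+|sk-[^ ]+@openssh\.com)$/) {
            print NR, $i, (i + 2 <= NF ? $(i + 2) : "(no comment)"); next } }' "$1"
}

# Remove every entry whose key blob equals the one in pubkey file $2.
# The blob is compared as a whole field, so entries that carry options
# (from=..., command=...) before the key type are matched as well.
# Prints the number of entries removed; keeps a backup in $1.bak.
revoke_key() {
    auth=$1
    blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "no key found in $2" >&2; return 2; }
    tmp=$(mktemp "$auth.XXXXXX") || return 2   # mktemp creates it with mode 0600
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        { hit = 0; for (i = 1; i <= NF; i++) if ($i == blob) hit = 1 }
        hit { n++; next }
        { print > out }
        END { print n + 0 }' "$auth") || return 2
    cp -p "$auth" "$auth.bak" && mv "$tmp" "$auth"
    echo "$removed"
}

# Demo on constructed data in a scratch directory (no real keys involved).
demo() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3NzaCONSTRUCTEDclientKEY root@client' > "$d/id_rsa.pub"
    cat > "$d/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaCONSTRUCTEDclientKEY root@client
from="66.152.163.19" ssh-rsa AAAAB3NzaCONSTRUCTEDclientKEY backup-job
ssh-ed25519 AAAAC3NzaCONSTRUCTEDotherKEY admin@laptop
EOF
    revoke_key "$d/authorized_keys" "$d/id_rsa.pub"   # prints 2
    list_keys "$d/authorized_keys"
    rm -rf "$d"
}
demo
```

On the remote system the first argument would be /root/.ssh/authorized_keys and the second a copy of the id_rsa.pub being revoked; running list_keys afterwards confirms which keys remain.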