Password free SSH login
This post is about setting up password-free secure shell login ( ssh ) in linux machine. This is specific to SSH/SSH2 protocol. For this , I am considering two linux systems with hostnames kaveri (hostname1 - source) and vaigai (hostname2 - client). If you wish, you could also use the ip addresses instead of hostname.
Generate rsa keys
Linux utility key-gen
can be used to generate public/private keys ( based on rsa asymetric algorithm). When it asks for passphrase, just enter.
user@kaveri:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
e143:fa:e2:fc:ab:1d:ff:d8:3a:e9:3e:55:95:fd:51:04 user@kaveri
The key's randomart image is:
+--[ RSA 2048]----+
| Do.o|
| oo|
| o . =|
| . . .o|
| S . |
| . . |
| . . o |
| o.o . o+o |
| ..o=..o*=o |
+-----------------+
user@kaveri:~$
Files generated by key-gen
key-gen
will create three files known_hosts
, public key (id_rsa.pub
) and private key (id_rsa
). By the name, public key is something that has to be distributed in other linux boxes to which you want to ssh/scp/sftp without password and private key should be kept (kinda secured, thats why it is in hidden directory .ssh ) in source machine, should not be distributed.
user@kaveri:~$ cd .ssh
user@kaveri:~/.ssh$ ls -rlt
total 12
-rw-r--r-- 1 user user 1990 Apr 25 21:53 known_hosts
-rw-r--r-- 1 user user 399 May 19 21:38 id_rsa.pub
-rw------- 1 user user 1675 May 19 21:38 id_rsa
user@kaveri:~/.ssh$
Distribute the public key to client machines
For this, ensure the directory .ssh does exist and append id_rsa.pub
file with the authorized_keys
file by executing the below commands in source machine.
user@kaveri:~/.ssh$ ssh user@vaigai mkdir -p .ssh
user@kaveri:~/.ssh$ cat id_rsa.pub | ssh user@vaigai \
'cat >> .ssh/authorized_keys'
In case of SSH2 protocol version, authorized_keys2 has to be used instead of authorized_keys. Also modify the permission of .ssh to 700 and authorized_keys2 to 640
Check ssh (password-free) working
This can be done by secure-shell-ing to vaigai and execute the uname
command in the client machine. If everything goes fine without prompting for password, you are fine to go.
user@kaveri:~$ ssh user@vaigai "hostname"
vaigai