In this article, we will learn how to enable password-less login on Linux using ssh key.
Using Password-less login with SSH key will increase the trust between two Linux servers.
Here are 3 steps to log in to Linux without the password.
create SSH Key on Client
Copy public key to the server
Disable password login on the server
Create SSH Key on Client
We can use ssh-keygen command to generate SSH keys in Linux.
Generate a key pair with the following command. The default SSH key type is RSA. Check this post to know which SSH Key type is more secure in Linux.
Press Enter to confirm the default location (that is, ~/.ssh/id_rsa) for the newly created key.
Enter a passphrase, and confirm it by entering it again when prompted to do so.
Check the SSH public key file and private key file with ls command under ~/.ssh/ directory
Change the permissions of the ~/.ssh/ directory and key files:
Here are the commands we use for generating SSH keys.
# ssh-keygen -t rsa -b 4096 Generating public/private rsa key pair. Enter file in which to save the key (/home/john/.ssh/id_rsa): The key fingerprint is: SHA256:6ezTTbbipomsipqJrsmqHFkGeM0VMPDv24PhimnbD+Y john@TOCAO-M-F13P The key's randomart image is: +---[RSA 4096]----+ | ..o.o. | |. + o | |... + | | .. . . | | o . S | | + ..o o | | o o..oo. + . | |+=o* oo=o.+ o | |^==oE+= =*.. | +----[SHA256]-----+
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa.pub $ chmod 600 ~/.ssh/id_rsa
Copy public key to the user account of the server
Append the content of ~/.ssh/id_rsa.pub into the ~/.ssh/authorized_keys file on the server-side.
Change the permissions of the ~/.ssh/authorized_keys file and ~/.ssh using the following command on the server-side.
We can use these three commands to copy the public key to the remote server.
cat ~/.ssh/id_rsa.pub | ssh firstname.lastname@example.org "cat >> ~/.ssh/authorized_keys"
$ chmod 600 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh
We can also use the command ssh-copy-id for this.
$ ssh-copy-id user@hostname
Disable Password login on the server
Ensure this option "PasswordAuthentication no" in /etc/ssh/sshd_config in server
Add this configuration "PubkeyAuthentication yes " in /etc/ssh/sshd_config
To enable the change, restart the SSH daemon with this command "systemctl restart sshd "
Now we can log in to the remote server without a password.
Troubleshooting Guide for SSH login without Password
most time the root user is not allowed to log in with ssh. This can be verified with the configuration in /etc/ssh/sshd_config file.
check the log /var/log/messages. and /var/log/secure for the login issue
check the permission of the ssh key directory and even the .ssh directory
use ssh -vvvv to print debug info about access process