Easy Password-less SSH logins on Linux

ssh-copy-idI’m storing this as an aide memoire, really, but it may help you too.

Let’s say we have two systems, System_From and System_To. And two users, User_From and User_To. The objective is: log on to System_To as User_To, from System_From as User_From.

The steps

1. One-time key generation for User_From

On System_From, while logged on as User_From, proceed as follows:

[email protected]_From:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/User_From/.ssh/id_rsa):[hit enter]
Enter passphrase (empty for no passphrase):[hit enter]
Enter same passphrase again:[hit enter]
Your identification has been saved in /home/User_From/.ssh/id_rsa.
Your public key has been saved in /home/User_From/.ssh/id_rsa.pub.
The key fingerprint is:
be:e8:98:4a:26:1e:9b:ed:78:a7:e7:fe:d8:9d:3c:6d [email protected]_From
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|  E              |
|                 |
|               Q |
|        S        |
|       .         |
|oo      o     o  |
|+.Bo8ooo.E       |
| BOB++o++        |
+-----------------+

Note: if you use anything other than an empty passphrase, you will need to enter the passphrase each time you log on, which sort of defeats the object of this exercise!

This creates two files: id_rsa and id_rsa.pub. The private key, id_rsa, must always be kept secret. Your system should have marked it read/write for the owner only. The public key, id_rsa.pub is safe to copy to destination systems (see next section).

2. Copy the public key to System_To

OpenSSH comes with a handy script for copying the public key to the remote host (System_To, in this instance): ssh-copy-id. Use it like this, at the system you’re connecting from:

[email protected]_from:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]_To
[email protected]_To's password:[type User_To's password and hit enter]
Now try logging into the machine, with "ssh '[email protected]_To'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

If you’re connecting to SSH on a custom port, the command is thus:

ssh-copy-id -i ~/.ssh/id_rsa.pub "[email protected]_To -p custom#"

Repeat this step for all remote hosts to which you intend to connect.

3. Log in to System_To

Now, when you issue the command ssh System_To, you will be logged in straight away, with no password prompt.

One Reply to “Easy Password-less SSH logins on Linux”

Leave a Reply

Your email address will not be published. Required fields are marked *