SSH (Secure SHELL) is an open source and most trusted network protocol that is used to login into remote servers for execution of commands and programs. It is also used to transfer files from one computer to another computer over the network using secure copy (SCP) Protocol.
In this article I will show you how to setup password-less login using ssh keys to connect to remote Linux servers without entering password. Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.
If you are dealing with number of Linux remote servers, then SSH Password-less login is one of the best way to automate tasks such as automatic backups with scripts, synchronization files using scp and remote command execution.
In this example we will setup SSH password-less automatic login from server '192.168.1.1' as user 'anupuser' to '192.168.1.2' with user 'dixituser'.
[anupuser@anupuser.com ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/anupuser/.ssh/id_rsa): [Press enter key]
Created directory '/home/anupuser/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/anupuser/.ssh/id_rsa.
Your public key has been saved in /home/anupuser/.ssh/id_rsa.pub.
The key fingerprint is:
af:bc:25:72:d4:04:65:d9:5d:11:f0:eb:1d:89:50:4c anupuser@anupuser.com
The key's randomart image is:
[anupuser@anupuser.com ~]$ ssh dixituser@192.168.1.2 mkdir -p .ssh
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is d6:53:94:43:b3:cf:d7:e2:b0:0d:50:7b:17:32:29:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
dixituser@192.168.1.2's password: [Enter Your Password Here]
[anupuser@anupuser.com ~]$ cat .ssh/id_rsa.pub | ssh dixituser@192.168.1.2 'cat >> .ssh/authorized_keys'
dixituser@192.168.1.2's password: [Enter Your Password Here]
[anupuser@anupuser.com ~]$ ssh dixituser@192.168.1.2 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
dixituser@192.168.1.2's password: [Enter Your Password Here]
[anupuser@anupuser.com ~]$ ssh dixituser@192.168.1.2
sudo nano /etc/ssh/sshd_config
Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:
PermitRootLogin without-password
Put the changes into effect:
reload ssh
In this article I will show you how to setup password-less login using ssh keys to connect to remote Linux servers without entering password. Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.
If you are dealing with number of Linux remote servers, then SSH Password-less login is one of the best way to automate tasks such as automatic backups with scripts, synchronization files using scp and remote command execution.
In this example we will setup SSH password-less automatic login from server '192.168.1.1' as user 'anupuser' to '192.168.1.2' with user 'dixituser'.
Step 1: Create Authentication SSH-Kegen Keys on –(192.168.1.1)
First login into server 192.168.1.1 with user anupuser and generate a pair of public keys using following command.[anupuser@anupuser.com ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/anupuser/.ssh/id_rsa): [Press enter key]
Created directory '/home/anupuser/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/anupuser/.ssh/id_rsa.
Your public key has been saved in /home/anupuser/.ssh/id_rsa.pub.
The key fingerprint is:
af:bc:25:72:d4:04:65:d9:5d:11:f0:eb:1d:89:50:4c anupuser@anupuser.com
The key's randomart image is:
Step 2: Create .ssh Directory on – (192.168.1.2)
Use SSH from server 192.168.1.1 to connect server 192.168.1.2 using dixituser as user and create .ssh directory under it, using following command.[anupuser@anupuser.com ~]$ ssh dixituser@192.168.1.2 mkdir -p .ssh
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is d6:53:94:43:b3:cf:d7:e2:b0:0d:50:7b:17:32:29:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
dixituser@192.168.1.2's password: [Enter Your Password Here]
Step 3: Upload Generated Public Keys to – 192.168.1.2
Use SSH from server 192.168.1.1 and upload new generated public key (id_rsa.pub) on server 192.168.1.2 under dixituser‘s .ssh directory as a file name authorized_keys.[anupuser@anupuser.com ~]$ cat .ssh/id_rsa.pub | ssh dixituser@192.168.1.2 'cat >> .ssh/authorized_keys'
dixituser@192.168.1.2's password: [Enter Your Password Here]
Step 4: Set Permissions on – 192.168.1.2
Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file.[anupuser@anupuser.com ~]$ ssh dixituser@192.168.1.2 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
dixituser@192.168.1.2's password: [Enter Your Password Here]
Step 5: Login from 192.168.1.1 to 192.168.1.2 Server without Password
From now onwards you can log into 192.168.1.2 as 'dixituser' user from server 192.168.1.1 as 'anupuser' user without password.[anupuser@anupuser.com ~]$ ssh dixituser@192.168.1.2
Optional Step Four—Disable the Password for Root Login
Once you have copied your SSH keys unto your server and ensured that you can log in with the SSH keys alone, you can go ahead and restrict the root login to only be permitted via SSH keys. In order to do this, open up the SSH config file:sudo nano /etc/ssh/sshd_config
Within that file, find the line that includes PermitRootLogin and modify it to ensure that users can only connect with their SSH key:
PermitRootLogin without-password
Put the changes into effect:
reload ssh
