
Set up Passwordless SSH Authentication

Secure Shell (SSH) is a secure network protocol used to sign in to remote servers to run commands and programs. With this cryptographic protocol, you can manage machines and copy or move files on a remote server using encrypted channels.

There are two ways to sign in to a remote system over SSH:

  • Password authentication

  • Public key authentication (Passwordless SSH authentication)

This article describes how to set up passwordless SSH authentication on Linux servers to run deployment commands without entering the SSH user password.

Before you Start

Ensure that you have:

  • Access to a command line or terminal window

  • Sudo or root privileges

  • A local server and a remote server

  • SSH access to a remote server using the command line or terminal window

You may already have an SSH key pair generated on your machine. To check if you have SSH keys on the system, run the following command:

ls -al ~/.ssh/id_*.pub

If the output says that there are no such files, then follow the steps mentioned in this article to generate SSH keys. If you already have the SSH keys on the system, you can back up the existing keys and create a new pair or overwrite the keys.

Steps

Generate SSH Key Pair

To generate the SSH key pair, do the following:

  1. Run the following command to generate an SSH key pair:

    ssh-keygen -t rsa -b <bits> -C "<email_id>"

    For example, ssh-keygen -t rsa -b 4096 -C "john@cyware.com". This command generates a 4096-bit key pair for John.

    Note

    Email ID is an optional attribute in this command.

  2. To store the keys, do one of the following:

    • Enter the file path where you want to store the keys. For example, /home/john/.ssh/.

    • Press Enter to store the keys in the default path.

  3. For passphrase setup, do one of the following:

    • Enter a passphrase to make the connection more secure.

    • Press Enter to skip setting the passphrase.

Sample Output

Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mEDEJEmq9Ls4AC2xxxxxxxxxxOpDsHkoYx20MOPg john@cyware.com
The key's randomart image is:
+- - - [RSA 4096] - - -+
|+*0=+.                |
|*+=0.                 |
|0X.  .                |
|XOE.  . o             |
|@.o.   o S            |
|B=.  .                |
|B*..                  |
|+++ .                 |
|o+..                  |
+- - - -[SHA256]- - - -+

To verify if you have successfully created the SSH key pair, run the following command:

ls -al ~/.ssh/id_*.pub

You should see the path where the identification key and public key are stored.

Upload Public Key to Remote Server

You can upload the public SSH key to a remote server with the ssh-copy-id command or the cat command.

Upload Public Key Using ssh-copy-id Command

Run the following command to connect to a remote server and upload the public key:

ssh-copy-id [remote_username]@[server_ip_address]

The public key is uploaded to the .ssh/authorized_keys file of the remote server.

Upload Public Key Using cat Command

To upload the public key to a remote server, do the following:

  1. To connect to a remote server and create a .ssh directory on the remote server, run the following command:

    ssh [remote_username]@[server_ip_address] mkdir -p .ssh

    For example, ssh john@10.x.x.106 mkdir -p .ssh.

  2. Enter the password for the remote user and press Enter.

  3. To upload the public key to the .ssh directory, run the following command:

    cat .ssh/id_rsa.pub | ssh [remote_username]@[server_ip_address] 'cat >> .ssh/authorized_keys'

The public key is uploaded to the .ssh/authorized_keys file of the remote server.

Sign in to Remote Server Without a Password

To connect and sign in to the remote server, run the following command:

ssh [remote_username]@[server_ip_address]

For example, ssh john@10.x.x.106. You should be able to sign in to the remote server without entering a password.

If the system asks to enter a password even after setting up the passwordless SSH authentication, update the following file permissions on the remote server.

  • Set permissions 700 for the .ssh directory.

  • Set permissions 640 for the .ssh/authorized_keys file.

Run the following command to update the file permissions:

ssh [remote_username]@[server_ip_address] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

Enter your password when prompted. There is no output if the action is successful.
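
The cat upload step and the permission fix above can be combined into one repeatable check. The following is an added example, not part of the original article: it validates that the file being installed is a single public key line (not a private key), appends it only once, applies the 700 and 640 modes from this article, and then reports any path that is group- or world-writable, which is what sshd's StrictModes check refuses. The function names install_pubkey and check_ssh_perms are hypothetical, and the list of accepted key types is an assumption.

```shell
#!/bin/sh
# Added example; install_pubkey and check_ssh_perms are hypothetical helper names.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key to HOME_DIR/.ssh/authorized_keys only if the file holds one
# well-formed public key line that is not already listed.
install_pubkey() {
    pub=$1; home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Refuse private keys and files with more than one non-empty line.
    if grep -q 'PRIVATE KEY' "$pub" || [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "$pub is not a single public key line" >&2; return 1
    fi
    key=$(grep . "$pub")
    case $key in
        # Assumed set of accepted key types; extend as needed.
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type in $pub" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 640 "$auth" || return 1
    # -F fixed string, -x whole line: skip the append if the key is present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR
# Returns non-zero if HOME_DIR, .ssh or authorized_keys is missing or is
# writable by group or others.
check_ssh_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; rc=1; continue; }
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "too permissive: $p" >&2; rc=1
        fi
    done
    return $rc
}
```

Run both functions on the remote server with the uploaded public key file and the remote user's home directory as arguments.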