Secure Shell (SSH) is a cryptographic network protocol used for secure connection between a client and a server and supports various authentication mechanisms. It is also used to transfer files from one computer to another computer over the network using secure copy (SCP) Protocol.
In this article we will show you how to setup password-less login on CentOS 7, RHEL 7, RHEL 8 using ssh keys to connect to remote Linux servers without entering password. Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.
In this example we will setup SSH password-less automatic login from server 192.168.1.5 as user rasho to 192.168.1.8 with user miroslav.
How do I Setup SSH Passwordless Login
To setup a passwordless SSH login in Linux all you need to do is to generate a public authentication key and append it to the remote hosts ~/.ssh/authorized_keys file.
The following command will generate a new 4096 bits SSH key pair with your email address as a comment:
# ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"
Press Enter to accept the default file location and file name:
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
Next, the ssh-keygen tool will ask you to type a secure passphrase. Whether you want to use passphrase its up to you, if you choose to use passphrase you will get an extra layer of security. In most cases developers and system administrators are using SSH without a passphrase because they are useful for fully automated processes. If you don’t want to use passphrase just press Enter
Enter passphrase (empty for no passphrase):
The whole interaction looks like this:
# ssh-keygen -t rsa -b 4096 -C "rasho@lintut.com" Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:IzizL5Vf5RpUNftqwLJrNKIisSRMpiid58/ECXVhrTY rasho@lintut.com The key's randomart image is: +---[RSA 4096]----+ | o. .o | | . .. . o | | . .. . . | | o o .E ... . | |*. .= .oSo.oo .| |=.= .*oo..=o.. . | |.o =..+o +.+ o | | o ++. . o. . | | . ++ .. | +----[SHA256]-----+
Copy the public SSH key to remote host
Copying the key is a simple task and that can be completed by using ssh-copy-id command as shown.
# ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote-server
When prompted for the remote user’s password, simply enter it. This will create the .ssh directory if missing and the authorized_keys file with appropriate permissions.
rasho@Gandalf:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub miroslav@192.168.1.8 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/rasho/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys miroslav@192.168.1.8's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'miroslav@192.168.1.8'" and check to make sure that only the key(s) you wanted were added.
Test SSH Passwordless Login
Now that we have the key copied to our remote server, we can test the connection. You should not be asked for password:
rasho@Gandalf:~# ssh miroslav@192.168.1.8 Last login: Sat Feb 9 11:34:53 2019 from 192.168.1.5 [miroslav@lintut ~]#
If everything went well, you will be logged in immediately.
Disabling SSH Password Authentication
To add an extra layer of security to your server you can disable the password authentication for SSH.
Log into your remote server with SSH keys:
ssh user@server_ip_address
Open the SSH configuration file /etc/ssh/sshd_config:
sudo vi /etc/ssh/sshd_config
Search for the following directives and modify as it follows:
PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no
Once you are done save the file and restart the SSH service.
# sudo systemctl restart sshd
Conclusion
In this tutorial you learned how to SSH to your CentOS 7, RHEL 7, RHEL 8 system using passwordless ssh key. I hope the process was easy. If you have any questions, please post them in the comment section below.
