CentosCommands

How To Setup SSH Passwordless Login on CentOS 7 / RHEL 7/ RHEL 8

Secure Shell (SSH) is a cryptographic network protocol used for secure connection between a client and a server and supports various authentication mechanisms. It is also used to transfer files from one computer to another computer over the network using secure copy (SCP) Protocol.
In this article we will show you how to setup password-less login on CentOS 7, RHEL 7, RHEL 8 using ssh keys to connect to remote Linux servers without entering password. Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.
In this example we will setup SSH password-less automatic login from server 192.168.1.5 as user rasho to 192.168.1.8 with user miroslav.

How do I Setup SSH Passwordless Login

To setup a passwordless SSH login in Linux all you need to do is to generate a public authentication key and append it to the remote hosts ~/.ssh/authorized_keys file.
The following command will generate a new 4096 bits SSH key pair with your email address as a comment:

# ssh-keygen -t rsa -b 4096 -C "[email protected]"

Press Enter to accept the default file location and file name:

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Next, the ssh-keygen tool will ask you to type a secure passphrase. Whether you want to use passphrase its up to you, if you choose to use passphrase you will get an extra layer of security. In most cases developers and system administrators are using SSH without a passphrase because they are useful for fully automated processes. If you don’t want to use passphrase just press Enter

Enter passphrase (empty for no passphrase):

The whole interaction looks like this:

# ssh-keygen -t rsa -b 4096 -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IzizL5Vf5RpUNftqwLJrNKIisSRMpiid58/ECXVhrTY [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|        o.   .o  |
|       . .. .  o |
|      . .. .  .  |
| o   o .E ...  . |
|*. .= .oSo.oo   .|
|=.= .*oo..=o.. . |
|.o =..+o +.+  o  |
|  o ++. . o. .   |
|   . ++  ..      |
+----[SHA256]-----+

Copy the public SSH key to remote host

Copying the key is a simple task and that can be completed by using ssh-copy-id command as shown.

# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

When prompted for the remote user’s password, simply enter it. This will create the .ssh directory if missing and the authorized_keys file with appropriate permissions.

[email protected]:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/rasho/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Test SSH Passwordless Login

Now that we have the key copied to our remote server, we can test the connection. You should not be asked for password:

[email protected]:~# ssh [email protected]
Last login: Sat Feb  9 11:34:53 2019 from 192.168.1.5
[[email protected] ~]#

If everything went well, you will be logged in immediately.

Disabling SSH Password Authentication

To add an extra layer of security to your server you can disable the password authentication for SSH.
Log into your remote server with SSH keys:

ssh [email protected]_ip_address

Open the SSH configuration file /etc/ssh/sshd_config:

sudo vi /etc/ssh/sshd_config

Search for the following directives and modify as it follows:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Once you are done save the file and restart the SSH service.

# sudo systemctl restart sshd

Conclusion

In this tutorial you learned how to SSH to your CentOS 7, RHEL 7, RHEL 8 system using passwordless ssh key. I hope the process was easy. If you have any questions, please post them in the comment section below.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close