How to setup SSH passwordless key-based authentication

For any system administrator the console is the work environment. In order to access a server remotely, most of the time any *NIX system administrator will use SSH (Secure Shell).

I am about to describe the method which allows you to log in to a certain server without typing any password, this is useful for backup scripts and automated actions especially.

We will be using two different servers, local and remote and will finally log in from local to remote without entering our password.

On the local machine:

1. Generate the DSA or RSA key pair:

 [user@local ~] $ ssh-keygen -t dsa 

This will provide the following output:

Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
3e:5e:96:a1:62:f3:f4:e3:df:71:13:74:68:87:e1:4e user@usamvbt
The key's randomart image is:
+--[ DSA 1024]----+
|              .  |
|             . + |
|              E.o|
|             +...|
|        S .   .. |
|       . . o    .|
|      + = +   ...|
|     . * =.  . o.|
|        o.oo. .  |
+-----------------+

2. We can now see the content of the private key:

[user@local ~]$ cat .ssh/id_dsa 
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCBTPnZxJWB2Ld5c8V8DXrogL5n9UNO4vOmJ328LnAzFtYG65Z7
n7hhHjCYWXTpcJ89juR4GKwwvv53/iiALWNcFhfCWR86GviaGY4//c4BI5c5CIgV
h/k+Zgh9BqQFWU64/byKZrthOIDlQdTg0Bk6x/bc8XqpPlkEYFJZI/2iwwIVAL9J
yPpSkSzc9Sp5ebxYykCkD5svAoGAKoM2NiXTIfIg7+GjJS3i5PhnAuX2zxmhzs7V
a+7QQXo37y7Q0dWlWQFThk2cPgRYiTmTXJLShDeIrrZ7KrM92A7N8NUf9jpObyt2
34uN7pFhS8KeJC5Td3IUXyPj/SS6EbX5P/IHIzmPnMdivth5E3ib3Rb0QJcJFpTh
mWfEd4MCgYANASuu7NqOj69yM1tDSJ1vAYR6/BX5xH8qIhnCUcbrYIAGlNquVJGT
NZ7CIzCCDTE0RCIr8SeRFxlQC8RpnsG7rMjlBJdfMKBvS7Y4HzejYkX/MbyA9+7R
j7wRq9VCvmz5I7l2Pv2Pg+VlhMQaAy7D66XtQ0tC0720RQXKoS3EkAIUFl+d+Bcb
hw+DEPtEfXsQLKst3C0=
-----END DSA PRIVATE KEY-----

3. And the content of the public key:

[user@local ~]$ cat .ssh/id_dsa.pub 

The content of this file will be copied in the /home/user/.ssh/authorized_keys file on the remote machine.

ssh-dss AAAAB3NzaC1kc3MAAACBAIFM+dnElYHYt3lzxXwNeuiAvmf1Q07i86YnfbwucDMW1gbrlnufuGEeMJhZdOlwnz2O5HgYrDC+/nf+KIAtY1wWF8JZHzoa+JoZjj/9zgEjlzkIiBWH+T5mCH0GpAVZTrj9vIpmu2E4gOVB1ODQGTrH9tzxeqk+WQRgUlkj/aLDAAAAFQC/Scj6UpEs3PUqeXm8WMpApA+bLwAAAIAqgzY2JdMh8iDv4aMlLeLk+GcC5fbPGaHOztVr7tBBejfvLtDR1aVZAVOGTZw+BFiJOZNcktKEN4iutnsqsz3YDs3w1R/2Ok5vK3bfi43ukWFLwp4kLlN3chRfI+P9JLoRtfk/8gcjOY+cx2K+2HkTeJvdFvRAlwkWlOGZZ8R3gwAAAIANASuu7NqOj69yM1tDSJ1vAYR6/BX5xH8qIhnCUcbrYIAGlNquVJGTNZ7CIzCCDTE0RCIr8SeRFxlQC8RpnsG7rMjlBJdfMKBvS7Y4HzejYkX/MbyA9+7Rj7wRq9VCvmz5I7l2Pv2Pg+VlhMQaAy7D66XtQ0tC0720RQXKoS3EkA== user@local
<code>[user@</code><code>local</code> <code>~]$</code>

On the remote machine:
1. Create the .ssh directory:

[test@remote ~]$ mkdir .ssh/

2. Set proper permissions on the .ssh directory (700 or rwx——):

[test@remote ~]$ chmod 700 <strong>.ssh</strong>/

3. Copy the contents of the id_dsa.pub to .ssh/authorized_keys file:

[test@remote ~]$ echo "ssh-dss AAAAB3NzaC1kc3MAAACBAIFM+dnElYHYt3lzxXwNeuiAvmf1Q07i86YnfbwucDMW1gbrlnufuGEeMJhZdOlwnz2O5HgYrDC+/nf+KIAtY1wWF8JZHzoa+JoZjj/9zgEjlzkIiBWH+T5mCH0GpAVZTrj9vIpmu2E4gOVB1ODQGTrH9tzxeqk+WQRgUlkj/aLDAAAAFQC/Scj6UpEs3PUqeXm8WMpApA+bLwAAAIAqgzY2JdMh8iDv4aMlLeLk+GcC5fbPGaHOztVr7tBBejfvLtDR1aVZAVOGTZw+BFiJOZNcktKEN4iutnsqsz3YDs3w1R/2Ok5vK3bfi43ukWFLwp4kLlN3chRfI+P9JLoRtfk/8gcjOY+cx2K+2HkTeJvdFvRAlwkWlOGZZ8R3gwAAAIANASuu7NqOj69yM1tDSJ1vAYR6/BX5xH8qIhnCUcbrYIAGlNquVJGTNZ7CIzCCDTE0RCIr8SeRFxlQC8RpnsG7rMjlBJdfMKBvS7Y4HzejYkX/MbyA9+7Rj7wRq9VCvmz5I7l2Pv2Pg+VlhMQaAy7D66XtQ0tC0720RQXKoS3EkA== user@local" > .ssh/authorized_keys
[test@remote ~]$

4. Set proper permissions on the authorized_keys file: (644 or rw-r–r–):

[test@remote ~]$ chmod 644 <strong>.ssh/authorized_keys</strong>/

5. Logout from the remote machine:

[test@remote ~]$ exit

Now go back on the local machine and try to login to remote as user test (you will be prompted if you accept to connect, type yes):

[user@local ~]$ ssh test@remote
The authenticity of host '[remote]:22 ([127.0.0.1]:22)' can't be established.
RSA key fingerprint is 5b:95:95:b8:f6:a8:82:b3:22:74:49:f1:89:e4:9f:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[remote]:22' (RSA) to the list of known hosts.
[test@remote ~]$

Congratulations, you have managed to set up SSH key based/passwordless authentication!

Leave a Reply

Your email address will not be published. Required fields are marked *