How to set up SSH passwordless key-based authentication

For any system administrator the console is the work environment. In order to access a server remotely, most of the time any *NIX system administrator will use SSH (Secure Shell).

I am about to describe a method that lets you log in to a server without typing a password. This is especially useful for backup scripts and automated actions.

We will be using two different servers, local and remote, and will finally log in from local to remote without entering our password.

On the local machine:

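1. Generate the DSA or RSA key pair. The example uses DSA; OpenSSH 7.0 and later disable ssh-dss keys by default, so use -t rsa on current systems:

[[email protected] ~]$ ssh-keygen -t dsa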

This will provide the following output:

Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
3e:5e:96:a1:62:f3:f4:e3:df:71:13:74:68:87:e1:4e [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
|              .  |
|             . + |
|              E.o|
|             +...|
|        S .   .. |
|       . . o    .|
|      + = +   ...|
|     . * =.  . o.|
|        o.oo. .  |

2. We can now see the content of the private key:

[[email protected] ~]$ cat .ssh/id_dsa 

3. And the content of the public key:

[[email protected] ~]$ cat .ssh/ 

The content of this file will be copied in the /home/user/.ssh/authorized_keys file on the remote machine.

ssh-dss AAAAB3NzaC1kc3MAAACBAIFM+dnElYHYt3lzxXwNeuiAvmf1Q07i86YnfbwucDMW1gbrlnufuGEeMJhZdOlwnz2O5HgYrDC+/nf+KIAtY1wWF8JZHzoa+JoZjj/9zgEjlzkIiBWH+T5mCH0GpAVZTrj9vIpmu2E4gOVB1ODQGTrH9tzxeqk+WQRgUlkj/aLDAAAAFQC/Scj6UpEs3PUqeXm8WMpApA+bLwAAAIAqgzY2JdMh8iDv4aMlLeLk+GcC5fbPGaHOztVr7tBBejfvLtDR1aVZAVOGTZw+BFiJOZNcktKEN4iutnsqsz3YDs3w1R/2Ok5vK3bfi43ukWFLwp4kLlN3chRfI+P9JLoRtfk/8gcjOY+cx2K+2HkTeJvdFvRAlwkWlOGZZ8R3gwAAAIANASuu7NqOj69yM1tDSJ1vAYR6/BX5xH8qIhnCUcbrYIAGlNquVJGTNZ7CIzCCDTE0RCIr8SeRFxlQC8RpnsG7rMjlBJdfMKBvS7Y4HzejYkX/MbyA9+7Rj7wRq9VCvmz5I7l2Pv2Pg+VlhMQaAy7D66XtQ0tC0720RQXKoS3EkA== [email protected]
[[email protected] ~]$

On the remote machine:

1. Create the .ssh directory:

[[email protected] ~]$ mkdir .ssh/

2. Set proper permissions on the .ssh directory (700 or rwx------):

[[email protected] ~]$ chmod 700 .ssh/

3. Copy the contents of the public key to the .ssh/authorized_keys file:

[[email protected] ~]$ echo "ssh-dss <public key data shown above> [email protected]" > .ssh/authorized_keys
[[email protected] ~]$

4. Set proper permissions on the authorized_keys file (644 or rw-r--r--):

[[email protected] ~]$ chmod 644 .ssh/authorized_keys

5. Logout from the remote machine:

[[email protected] ~]$ exit
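
The remote-side steps 1 to 4 above, written as a repeatable shell function. This is an added example, not part of the original article; the function names, SAMPLE_KEY and the list of accepted key types are assumptions made for the illustration. It appends instead of overwriting, so keys already in authorized_keys survive.

```shell
#!/bin/sh
# Added example (not from the original article): remote-side steps 1-4 as a
# repeatable function. install_pubkey, ssh_modes and SAMPLE_KEY are
# hypothetical names chosen for this illustration.

# Constructed sample key line; it is not a usable key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedSampleOnly user@local'

# install_pubkey HOME_DIR "KEY_LINE"
install_pubkey() {
    home=$1
    key=$2
    nl='
'
    # Accept exactly one line; an embedded newline would add a second entry.
    case "$key" in
        *"$nl"*) echo "refusing multi-line key" >&2; return 2 ;;
    esac
    # The line must start with a known OpenSSH key type followed by data.
    case "$key" in
        ssh-rsa\ ?*|ssh-dss\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # Steps 1-2: create the directory and restrict it to its owner.
    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh" || return 1

    # Step 3: append instead of overwriting, and only if the line is new.
    auth="$home/.ssh/authorized_keys"
    touch "$auth" || return 1
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth" || return 1

    # Step 4: the mode used in this article.
    chmod 644 "$auth"
}

# Print both mode strings, e.g. to compare them with steps 2 and 4.
ssh_modes() {
    printf '%s %s\n' \
        "$(ls -ld "$1/.ssh" | cut -c1-10)" \
        "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)"
}

# Usage on the remote machine: install_pubkey "$HOME" "<public key line>"
```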

Now go back to the local machine and try to log in to remote as user test (you will be asked whether you accept the connection; type yes):

[[email protected] ~]$ ssh [email protected]
The authenticity of host '[remote]:22 ([]:22)' can't be established.
RSA key fingerprint is 5b:95:95:b8:f6:a8:82:b3:22:74:49:f1:89:e4:9f:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[remote]:22' (RSA) to the list of known hosts.
[[email protected] ~]$

Congratulations, you have managed to set up SSH key-based/passwordless authentication!
