How to set up SSH passwordless key-based authentication

For any system administrator the console is the work environment. In order to access a server remotely, most of the time any *NIX system administrator will use SSH (Secure Shell).

I am about to describe a method that lets you log in to a server without typing a password. This is especially useful for backup scripts and other automated actions.

We will be using two different servers, local and remote, and will finally log in from local to remote without entering our password.

On the local machine:

1. Generate the DSA or RSA key pair:

[user@local ~]$ ssh-keygen -t dsa

This will provide the following output:

Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
3e:5e:96:a1:62:f3:f4:e3:df:71:13:74:68:87:e1:4e user@usamvbt
The key's randomart image is:
+--[ DSA 1024]----+
|              .  |
|             . + |
|              E.o|
|             +...|
|        S .   .. |
|       . . o    .|
|      + = +   ...|
|     . * =.  . o.|
|        o.oo. .  |

2. We can now see the content of the private key:

[user@local ~]$ cat .ssh/id_dsa 

3. And the content of the public key:

[user@local ~]$ cat .ssh/ 

The content of this file will be copied into the /home/user/.ssh/authorized_keys file on the remote machine.

ssh-dss [public key data] user@local
[user@local ~]$

On the remote machine:
1. Create the .ssh directory:

[test@remote ~]$ mkdir .ssh/

2. Set proper permissions on the .ssh directory (700 or rwx------):

[test@remote ~]$ chmod 700 .ssh/

3. Copy the contents of the public key to the .ssh/authorized_keys file:

[test@remote ~]$ echo "ssh-dss [public key data] user@local" > .ssh/authorized_keys
[test@remote ~]$

4. Set proper permissions on the authorized_keys file (644 or rw-r--r--):

[test@remote ~]$ chmod 644 .ssh/authorized_keys

5. Log out from the remote machine:

[test@remote ~]$ exit

Now go back to the local machine and try to log in to remote as user test (you will be asked whether you want to continue connecting; type yes):

[user@local ~]$ ssh test@remote
The authenticity of host '[remote]:22 ([]:22)' can't be established.
RSA key fingerprint is 5b:95:95:b8:f6:a8:82:b3:22:74:49:f1:89:e4:9f:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[remote]:22' (RSA) to the list of known hosts.
[test@remote ~]$

Congratulations, you have managed to set up key-based, passwordless SSH authentication!
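
The remote-side steps 1 to 4 above, gathered into one function that can be re-run safely; this is an added example, not part of the original tutorial. It goes slightly beyond the `echo ... >` shown above by appending instead of overwriting, and `perms_ok` checks what sshd's default `StrictModes yes` requires (no group or other write access). The names `install_pubkey`, `perms_ok` and `demo` and the key string are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): remote-side steps 1-4 as one
# function that is safe to run more than once.
# install_pubkey HOME_DIR KEY_LINE   (both parameter names are illustrative)
install_pubkey() {
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # authorized_keys holds one key per line: reject empty or multi-line input.
    [ -n "$key_line" ] || { echo "empty key" >&2; return 2; }
    case $key_line in
        *"$nl"*) echo "key must be a single line" >&2; return 2 ;;
    esac

    # Steps 1-2: create .ssh and restrict it to the owner (700).
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1

    # Step 3: append (>>) so existing keys survive, and only when this exact
    # line is absent (-F fixed string, -x whole line) so reruns add nothing.
    touch "$auth_file" || return 1
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file" || return 1
    fi

    # Step 4: same mode as the tutorial (644).
    chmod 644 "$auth_file"
}

# perms_ok PATH: true only if PATH exists and is not writable by group or
# others (columns 6 and 9 of the ls mode string are the two write bits).
perms_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c6,9)" = "--" ]
}

# Constructed sample run in a scratch directory; the key is a placeholder.
demo() {
    scratch=$(mktemp -d) || return 1
    install_pubkey "$scratch" "ssh-dss PLACEHOLDERKEYDATA user@local" &&
        perms_ok "$scratch/.ssh" && perms_ok "$scratch/.ssh/authorized_keys"
    status=$?
    rm -rf "$scratch"
    return $status
}
demo && echo "demo: key installed, permissions ok"
```

If key login still falls back to a password prompt, run `perms_ok` on the home directory, `.ssh` and `authorized_keys` on the remote side before looking elsewhere.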
