Header Ads

Configure SSH Passwordless Login Authentication (SSH-keygen)

This tutorial post will help you with how to configure SSH passwordless login authentication for users on Linux Servers.

How to Configure SSH Passwordless Login Authentication (SSH-keygen)

SSH (Secure Shell) is a default protocol used to connect linux server remotely with valid users credentials (Username and Password).

Configure SSH Passwordless Login Authentication

Configure SSH passwordless authentication helps us to perform some automated tasks using scripts or to avoid entering username and passwords for everytime. Lets see how to enable password less login authentication.

Let's take an example to enable and configure SSH passwordless login authentication from node1.learnitguide.net (Source Server) to node2.learnitguide.net (Target Server).

Lab Environment:

Source server Name : node1.learnitguide.net
User on Source server : root

Target / Destination Server Name : node2.learnitguide.net
User on Destination Server : root

Also Watch this "Configure SSH passwordless login" Tutorial video on our YouTube Channel.

Step 1 : Create a authentication key pairs using ssh-keygen

Login into "node1.learnitguide.net" with user (root) from which you try to connect to target or destination server (node2.learnitguide.net). Once you have logged in and use ssh-keygen command.

ssh-keygen is a tool available default in linux used to create a ssh authentication key pairs. ssh-keygen can create RSA keys, DSA keys, ECDSA keys, ED25519 keys.

By default, ssh-keygen will generate an RSA key pairs with one public and private key. If you want to generate any other type of keys (DSA keys, ECDSA keys, ED25519 keys), it must be specified with -t option along with ssh-keygen command. (ssh-keygen -t dsa). For this example, I just go with rsa key hence I use ssh-keygen command without any arguments.

[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <== Hit Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): <== Hit Enter
Enter same passphrase again: <== Hit Enter
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
3a:25:c0:2e:3c:29:9d:b1:f7:6e:39:1e:0b:db:4f:98 root@node1.learnitguide.net
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|   .             |
|  . o            |
| o * .           |
|. O o . S        |
| . + . *         |
|    . E..        |
|     =+=         |
|    .o=o.        |
[root@node1 ~]#

Once you have executed ssh-keygen command, it is generated a private and public key pairs under the home directory of user by whom you have executed the ssh-keygen command.

[root@node1 ~]# ll ~/.ssh/
total 12
-rw------- 1 root root 1675 Jun 16 20:21 id_rsa
-rw-r--r-- 1 root root  410 Jun 16 20:21 id_rsa.pub

-rw-r--r-- 1 root root  183 Jun 16 20:51 known_hosts

where, id_rsa is a private key with RSA encryption and id_rsa.pub is a public key with RSA encryption.

Step 2 : Copy SSH public key from node1 (source) to node2 (target)

Once you have private and public key, we must add the content of public key to the target server under the target user's home directory. It can be done in two ways,

1. Login into target server and add a public key content manually
2. Use ssh-copy-id command to add remotely with "-i" option by specifying the public key to be copied.

We recommend to use ssh-copy-id command to avoid any human errors.

[root@node1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node2.learnitguide.net
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2.learnitguide.net's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'root@node2.learnitguide.net'"
and check to make sure that only the key(s) you wanted were added.
[root@node1 ~]#

Public key is added to target server.

Step 3 : Verify password less authentication works or not

From node1 server, Try login into node2 target server to check password less login authentication is working or not.

[root@node1 ~]# ssh root@node2.learnitguide.net
Last failed login: Sat Jun 16 20:56:31 IST 2018 from on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sat Jun 16 20:51:44 2018 from
[root@node2.learnitguide.net ~]#

Great. We are able to login to target server from source server without password prompt. So SSH password less login authentication is enabled as expected Similarly, you can configure SSH passwordless authentication between a source server to any number of target servers.

Related Content on Linux might be useful to you to improve your Linux Skills.

Keep practicing and have fun. Leave your comments if any.

Support Us: Share with your friends and groups.

Stay connected with us on social networking sites, Thank you.
Powered by Blogger.