18 - How to Setup password-less connection via ssh in Linux

In this article we will show you how to setup password-less log in using ssh keys to connect to remote Linux servers without entering password. Using Password-less log in with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.

SSH Password-less log in is one of the best way to automate tasks such as automatic backups with scripts, synchronization files using scp and remote command execution.

Let's follow the steps in creating the password-less connection.

  • 1- First you need to install SSH-client .
  • yum install ssh
    ......
    .....
    
     
  • 2- Generate a pair of public keys.
  • To do so you need to use the commands:(just press enter until the process finishes)

    [root@xxxx1 staging]# ssh-keygen -t dsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    0a:2d:de:92:c0:04:2e:2d:f9:b5:f5:ea:a4:84:e9:15 root@xxxx1
    The key's randomart image is:
    +--[ RSA 2048]----+
    |.                |
    |.+               |
    |+.o . .          |
    |.= . + .         |
    |  + E . S        |
    |   = * o         |
    |  o * =          |
    | . o =           |
    |  . . .          |
    +-----------------+
  • 3- Set directory permission
  • Next make sure you have correct permission on .ssh directory:

    [root@xxxx1 staging]# cd ~
    [root@xxxx1 ~]# ls -la .ssh
    total 20
    drwx------. 2 root root 4096 Sep 30 12:45 .
    dr-xr-x---. 6 root root 4096 Sep 30 12:44 ..
    -rw-------. 1 root root 1675 Sep 30 12:45 id_rsa
    -rw-r--r--. 1 root root  393 Sep 30 12:45 id_rsa.pub
    -rw-r--r--. 1 root root  408 Sep 30 12:44 known_hosts
    [root@xxxx1 ~]# chmod 755 .ssh
    
    
     
  • 4- Create the file authorized_keys inside .ssh folder and copy the content of the id_pub.pub inside of it.
  • This will hold the used keys for password-less connection.

    [root@xxxx1 ~]# cd .ssh
    [root@xxxx1 .ssh]# touch authorized_keys
    [root@xxxx1 .ssh]# cat id_rsa.pub > authorized_keys
    [root@xxxx1 .ssh]# cat authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxVB3FtzWPvYUb+vMZp77dfFMU81X5rQsPBmMGQM8ib7POx.......== root@xxxx1
    [root@xxxx1 .ssh]#
  • 5- Change the permission on authorized_keys.
  • [root@xxxx1 .ssh]# chmod 600 authorized_keys
    [root@xxxx1 .ssh]# ll
    total 16
    -rw-------. 1 root root  393 Sep 30 13:05 authorized_keys
    -rw-------. 1 root root 1675 Sep 30 12:45 id_rsa
    -rw-r--r--. 1 root root  393 Sep 30 12:45 id_rsa.pub
    -rw-r--r--. 1 root root  408 Sep 30 12:44 known_hosts
  • 6- Do the same on the other server where you want to connect password-less.
  • Just follow the first 5 steps.

  • 7- Copy public key from one server to another and place it inside the authorized_keys file.
  • Then try to connect to the server. You will be asked if you want to continue and the host will be added to to the known_hosts file.

    [root@xxxx2 .ssh]# ssh root@xxxx1
    The authenticity of host 'xxxx1 (11.222.33.11)' can't be established.
    RSA key fingerprint is f9:2f:83:81:cc:37:10:be:d8:73:87:a8:a5:50:78:22.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'xxxx1,11.222.33.11' (RSA) to the list of known hosts.
    Last login: Mon Sep 30 12:36:29 2013 from host
    [root@xxxx1 ~]#
     

    And that is it - ssh password-less is configured.