Secure Shell(SSH) is a cryptographic network protocol for providing secure remote login over an unsecured network. SSH supports remote command-line, login, and remote command execution. This article describes a step by step procedure to set up password-less SSH or SFTP login between a source and destination system.
If there are a large number of servers in the organization, it is difficult or a pain to login every system using a password and this is a time consuming process. SSH supports passwordless login by setting up a public and private RSA or DSA encrypted keys, which helps to access the remote system without entering password.
- How To Setup SSH Passwordless Login on Linux|CentOS|RHEL|Ubutu?
- Passwordless SSH setup on Linux
- Passwordless SFTP setup on Linux
- Arch Linux
Following are the details of SSH client and SSH server system to be used at many placed in this article.
Source/client system: 192.168.0.5
Destination/Server system: 192.168.0.6
Client side user: testclient
Server side user: user01
Client side configuration on 192.168.0.5 system
How SSH password less authentication works?
- In order to setup passwordless authentication, set up a RSA or DSA key pair. This generates two keys 1) Private key and 2) Public key.
- Private key is stored on the client system and the publc key is stored on the destination or server system.
- Pass the location of private key when you login to the remote system.
- Remote SSH server will apply a hash function to validate auhenticity of the public key stored in its databse by using the supplied private key by the client system.
- If validation is successful, passwordless authentication succeeds.
- Login to the client system as testclient user as per the LAB details or the user which needs passwordless login setup and execute the following command to generate RSA key pair. 
$ ssh-keygen -t rsa -C "testclient ssh client" ## With -C we add a comment to the key => Enter the path of the key if needed and chose default Generating public/private rsa key pair. Enter file in which to save the key (/home/testclient/.ssh/id_rsa): Created directory '/home/testclient/.ssh'. => If you need a passphrase to secure the private key enter the passphrase or just give enter to leave the passphrase empty. Enter passphrase (empty for no passphrase): Enter same passphrase again: => Now RSA public and private key pair has been created as below. Your identification has been saved in /home/testclient/.ssh/id_rsa. <<<<< Private key Your public key has been saved in /home/testclient/.ssh/id_rsa.pub. <<<<< Public Key The key fingerprint is: SHA256:Vlg9zEPVIPg5PRvkkS+uI2kQoCZ/KLtXy7wD2Dn9sxo testclient ssh client The key's randomart image is: +---[RSA 2048]----+ | .*o.o+ | | . o. *.+ .| | . .. .. B o | | . o .. + * .| | * + S. o = | | o B +.. o | | o BEo . . . | | . . =.o + o | | .o o+.+ . . | +----[SHA256]-----+
Upon successfull execution of the above command, we’ll see following two files in /home/testclient/.ssh directory. 
/home/testclient/.ssh/id_rsa <<<< Private
/home/testclient/.ssh/id_rsa.pub <<<<< Public Key
Copy the public key /home/testclient/.ssh/id_rsa.pub file to the remote system using following command. 
=> Login as testclient on the source system => Execute the following command to copy public key to the remote system [testclient@centos-testclient ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub firstname.lastname@example.org /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/testclient/.ssh/id_rsa.pub" Are you sure you want to continue connecting (yes/no)? yes /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys email@example.com's password: <<<<<< Enter Password of user01 of the remote system Number of key(s) added: 1 [...]
- Above command creates an authorized_keys file on the remote system inside user01’s home directory as ~user01/.ssh/authorized_keys with following content. 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxJi/qFpRjedjA+RU2QSgK63jJu4vVzVhzFhAwkrVNrDUWIYtHqqcnAh9Dm+IPr7VSA2LdEsSzrLJGIDpYSkBBBQOElVCg5+vxtTpD7p/P/mYv0Ay8s7QcxijrqhqoIlJcHaw52RzcMfiup0Sem0+8s5rY8FgLAZ28yZA5iG7kwv82dHP2yXBVWz51oCFz0C2FnM06adfstGxKuekVOD6Wz5Dr3r6N8zneicppaDNJ1tbucevogm9WXicBnptU5vrCmSl0r92tZsn7onzO9JDMW+RAJFKBH957Wciil/B6F9KVeZICS3l/Gvs2qpB5L2mEttm+WNSWZYd6+pw2Q2Wl testclient ssh client
Now validate passwordless login from source to destination from testclient user account 
[testclient@centos-client ~]$ ssh firstname.lastname@example.org <<< Login successful without password primpt >>> [user01@centos-server ~]$ id ## Command executed on the server system after login uid=1001(user01) gid=1001(user01) groups=1001(user01) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 <<< Logout from remote system >>> [user01@centos-testsrv ~]$ logout Connection to localhost closed.
If name and location of of the private key is other than /home/testclient/.ssh/id_rsa execute the following command for passwordless login.
ssh -i <key path> email@example.com
SFTP Passwordless login
For SFTP passwordles login, the procedure is same as above. There would be a slight change in procedure if don’t have login to the remote system.
If you have login available to the remote system, there is no change in the procedure. Execute the following command for passwordless log after copying the public key content to the remote system.
$ sftp user01@localhost Connected to localhost. sftp>
If you don’t have login to the remote SFTP server, after the RSA/DSA key generation, provide the public key to the remote server administrator. Remote admin will copy the public key content to remote user’s authorized_keys file to make passwordless login successful.