How To Setup SSH|SFTP Passwordless Login on Linux|CentOS|RHEL|Ubuntu

Secure Shell (SSH) is a cryptographic network protocol that provides secure remote login over an unsecured network. SSH supports remote command-line login and remote command execution. This article describes a step-by-step procedure to set up passwordless SSH or SFTP login between a source and a destination system.

If an organization has a large number of servers, logging in to every system with a password is painful and time-consuming. SSH supports passwordless login through a public/private RSA or DSA key pair, which gives access to the remote system without entering a password.

Topic

  • How To Setup SSH Passwordless Login on Linux|CentOS|RHEL|Ubuntu?
  • Passwordless SSH setup on Linux
  • Passwordless SFTP setup on Linux

Applies to

  • Linux
  • CentOS
  • RHEL
  • Ubuntu
  • Debian
  • SUSE
  • Arch Linux

Solution


LAB Details

The following are the details of the SSH client and SSH server systems used in many places in this article.

Source/client system: 192.168.0.5
Destination/Server system: 192.168.0.6
Client side user: testclient
Server side user: user01

Client side configuration on 192.168.0.5 system

How does SSH passwordless authentication work?
  • To set up passwordless authentication, generate an RSA or DSA key pair. This produces two keys: 1) a private key and 2) a public key.
  • The private key is stored on the client system and the public key is stored on the destination (server) system.
  • Pass the location of the private key when you log in to the remote system.
  • The client proves that it holds the private key by producing a signature with it, and the remote SSH server verifies that signature against the public key stored in the user’s authorized_keys file. The private key itself is never sent to the server.
  • If validation is successful, passwordless authentication succeeds.

Configuration
  • Log in to the client system as the testclient user from the LAB details (or as whichever user needs passwordless login) and execute the following command to generate an RSA key pair. [1]

$ ssh-keygen -t rsa -C "testclient ssh client"  ## With -C we add a comment to the key

=> Enter the path of the key if needed, or press Enter to accept the default
     Generating public/private rsa key pair.
     Enter file in which to save the key (/home/testclient/.ssh/id_rsa): 
     Created directory '/home/testclient/.ssh'.

=> If you need a passphrase to secure the private key, enter it; otherwise just press Enter to leave the passphrase empty.
     Enter passphrase (empty for no passphrase):
     Enter same passphrase again: 

=> The RSA public and private key pair has now been created as shown below.
      Your identification has been saved in /home/testclient/.ssh/id_rsa.   <<<<< Private key
      Your public key has been saved in /home/testclient/.ssh/id_rsa.pub.   <<<<< Public Key

    The key fingerprint is:
    SHA256:Vlg9zEPVIPg5PRvkkS+uI2kQoCZ/KLtXy7wD2Dn9sxo testclient ssh client
    The key's randomart image is:
    +---[RSA 2048]----+
    |          .*o.o+ |
    |      .  o. *.+ .|
    |     . .. .. B o |
    |  . o   ..  + * .|
    |   * +  S.   o = |
    |  o B +..     o  |
    |   o BEo . . .   |
    |  . . =.o + o    |
    |  .o  o+.+ . .   |
    +----[SHA256]-----+

  • Upon successful execution of the above command, we’ll see the following two files in the /home/testclient/.ssh directory. [2]
    /home/testclient/.ssh/id_rsa <<<< Private
    /home/testclient/.ssh/id_rsa.pub <<<<< Public Key

  • Copy the public key /home/testclient/.ssh/id_rsa.pub file to the remote system using following command. [3]

=> Login as testclient on the source system

=> Execute the following command to copy public key to the remote system 
    [testclient@centos-testclient ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub user01@192.168.0.6
    /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/testclient/.ssh/id_rsa.pub"
    Are you sure you want to continue connecting (yes/no)? yes
    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    user01@192.168.0.6's password:   <<<<<< Enter Password of user01 of the remote system 

    Number of key(s) added: 1
    [...]

  • The above command creates an authorized_keys file on the remote system inside user01’s home directory, at ~user01/.ssh/authorized_keys, with the following content. [4]
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxJi/qFpRjedjA+RU2QSgK63jJu4vVzVhzFhAwkrVNrDUWIYtHqqcnAh9Dm+IPr7VSA2LdEsSzrLJGIDpYSkBBBQOElVCg5+vxtTpD7p/P/mYv0Ay8s7QcxijrqhqoIlJcHaw52RzcMfiup0Sem0+8s5rY8FgLAZ28yZA5iG7kwv82dHP2yXBVWz51oCFz0C2FnM06adfstGxKuekVOD6Wz5Dr3r6N8zneicppaDNJ1tbucevogm9WXicBnptU5vrCmSl0r92tZsn7onzO9JDMW+RAJFKBH957Wciil/B6F9KVeZICS3l/Gvs2qpB5L2mEttm+WNSWZYd6+pw2Q2Wl testclient ssh client

  • Now validate passwordless login from the source to the destination using the testclient user account. [5]

    [testclient@centos-client ~]$ ssh user01@192.168.0.6
    
    <<< Login successful without password prompt >>>
    
    [user01@centos-server ~]$ id    ## Command executed on the server system after login
    uid=1001(user01) gid=1001(user01) groups=1001(user01) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
    
    <<< Logout from remote system >>>
    [user01@centos-testsrv ~]$ logout  
    Connection to localhost closed.

Note:
If the name and location of the private key are other than /home/testclient/.ssh/id_rsa, execute the following command for passwordless login.

ssh -i <key path> user01@192.168.0.6


SFTP Passwordless login

For SFTP passwordless login, the procedure is the same as above. The procedure changes slightly if you don’t have login access to the remote system.

If you have login access to the remote system, there is no change in the procedure. After copying the public key content to the remote system, execute the following command for passwordless login.

$ sftp user01@localhost
Connected to localhost.
sftp>

If you don’t have login access to the remote SFTP server, provide the public key to the remote server administrator after the RSA/DSA key generation. The remote administrator will copy the public key content to the remote user’s authorized_keys file to make passwordless login work.
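
The administrator's step from the paragraph above, written out as an added example (not code from the original article): a shell function that checks a received public key line and appends it to the user's authorized_keys with the permissions sshd expects. `install_pubkey` and its arguments are hypothetical names, and it assumes it is run as the account that owns the home directory.

```shell
#!/bin/sh
# Added example. install_pubkey and its arguments are hypothetical names.
# Assumption: run as the account that owns <home-dir>, so sshd can read the result.
# Usage: install_pubkey <public-key-file> <home-dir>
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file holds one line: "<type> <base64-blob> [comment]".
    # Multi-line input (for example a private key sent by mistake) is rejected.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected exactly one line" >&2; return 1; }
    read -r type blob _comment < "$pub" || true
    # ssh-dss (DSA) is not listed: OpenSSH has disabled it by default since 7.0.
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $type" >&2; return 1 ;;
    esac

    # The decoded blob is a 4-byte length followed by the key type again.
    # If it differs from field 1, the line was damaged or edited in transit.
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null |
            tail -c +5 | head -c "${#type}" | tr -d '\000')
    [ "$inner" = "$type" ] || { echo "key blob does not match $type" >&2; return 1; }

    # sshd with StrictModes refuses keys kept in group- or world-writable paths.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this key blob is not already authorized.
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present"
    else
        cat "$pub" >> "$auth" && echo "key added"
    fi
}
```

Before installing a key received by e-mail or ticket, compare the output of `ssh-keygen -l -f <public-key-file>` with the fingerprint the key owner reads back from the client system.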

About the Author: TekFik

TekFik is a technical blogging site that helps techies and engineers solve their day-to-day issues and allows everyone to share knowledge and feedback. Please feel free to contact us at tekfik.rd@gmail.com if there is anything.
