ssh without password in few simple steps

Passwordless access for ssh and sftp , How to do sftp & ssh without password – Step by Step

This a real life example of configuring passwordless access for two users . The user ‘web’ in this case needs a secure password less access to another user james in a server ‘devserver’
.

Follow the Steps to configure secure passwordless access 

Check the current ssh connectivity status for james@devserver from localhost

[web@localhost ~]$ ssh james@devserver
james@devserver’s password: 

Permission denied, please try again.
As expected it prompted for password
 

1. Generate the public key private key pair 
Generate the public key private key pair for the local host as following , Press enter for default file names and no
pass phrase options. The command here generates RSA type keys.

[web@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/web/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/web/.ssh/id_rsa.
Your public key has been saved in /home/web/.ssh/id_rsa.pub.
The key fingerprint is:
5e:30:d3:1a:00:c5:0b:29:96:ac:3e:42:20:dc:af:38 web@localhost.localdomain

You can run the command ssh-keygen from any directory but the id files will be generated in .ssh dir of user’s home directory.

2. Change directory to .ssh directory.

[web@localhost ~]$ cd /home/web.ssh

You will see two files starting with id_rsa. id_rsa is the private key and id_rsa.pub is public key. Check the date time stamp of these files to make sure these are the ones you generated recently.

/.ssh[web@localhost .ssh]$ ls -la
total 32
drwx—— 2 web web 4096 Dec 7 22:05 .
drwx—— 34 web web 12288 Dec 7 22:04 ..
-rw——- 1 web web 1675 Dec 7 22:05 id_rsa
-rw-r–r– 1 web web 407 Dec 7 22:05 id_rsa.pub
-rw-r–r– 1 web web 391 Dec 7 22:03 known_hosts

/.ssh[web@localhost .ssh]$ date
Tue Dec 7 22:05:45 PST 2010

3. Copy the rsa public key to the remote host . You have to copy the public key file in to .ssh of the user home directory and if .ssh directory is not there , create it as in the example below.
You need to enter sftp/ssh  password .

/.ssh[web@localhost .ssh]$ sftp james@devserver
Connecting to devserver…
james@devserver’s password:
sftp> pwd
Remote working directory: /home/james
sftp> cd .ssh
Couldn’t canonicalise: No such file or directory
sftp> mkdir .ssh
sftp> cd .ssh
sftp> put id_rsa.pub
Uploading id_rsa.pub to /home/james/.ssh/id_rsa.pub
id_rsa.pub 0% 0 0.0KB/s –:– ETAid_rsa.pub 100% 407 0.4KB/s 00:00
sftp> 

4. login to the remote host  with password

Once file is copied over , login to the remote host using ssh and password and go to .ssh directory under user home directory.
/.ssh[web@localhost .ssh]$ ssh james@devserver
james@devserver’s password:

james@devserver:~[james@devserver ~]$ cd .ssh
james@devserver:~/.ssh[james@devserver .ssh]$ pwd
/home/james/.ssh

james@devserver:~/.ssh[james@devserver .ssh]$ ls -l
total 4
-rw-r–r– 1 james james 407 Dec 7 22:06 id_rsa.pub

5. Rename the public key file to authorized_keys ;
if the authorized_keys file already exists then append the new keys to the existing file using,
cat id_rsa.pub >> authorized_keys .
Don’t use vi or editor to open , append and save these key files as any extra character/newline would corrupt these files.

james@devserver:~/.ssh[james@devserver .ssh]$ mv id_rsa.pub authorized_keys

You can see the contents using cat command
james@devserver:~/.ssh[james@devserver .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArVWhE0L2FXNvmggZgqmGU
LVrcE4X7WQr6scSuU5FCQUsXzYjyOL8FbUIIkBeLLMIrV7mYa+
xuszHcvnAho/42/e4r5by8LVMyh0AAo7nketemkO/2ZiUXZhww7tySxgcI5U5L5PDmTCyF7vxLlJ0rGb7Ky//DtpKrBui5P4gIrKBeiA2TlbEL9UrQZ8HgTU3iSGtfUXH0O
26iLSWi6Tf40hEazvvVYESHPSBjUPIMqUGabtz1kKMDQB5x
C+F2MZ4lUCmgK2NexrhVWOrp7ODS1GlKsjSv6NSxOIVW0je
V00ZW9Fvgz865g+fakBITqYP76ptPIVXEps+91ABRSwggQ== web@localhost.localdomain

6. Change the key file and directory permissions 

ssh is very sensitive to permissions so you have to change the key file and directory permissions for it to work.

6a : Change authorized_keys to 600 permissions

james@devserver:~/.ssh[james@devserver .ssh]$ chmod 600 authorized_keys
james@devserver:~/.ssh[james@devserver .ssh]$ ls -ltr
total 8
-rw-r–r– 1 james james 407 Dec 7 22:06 id_rsa.pub
-rw——- 1 james james 407 Dec 7 22:08 authorized_keys

james@devserver:~/.ssh[james@devserver .ssh]$ cd ..

6b : Change .ssh directory to 700 permission
james@devserver:~[james@devserver ~]$ chmod 700 .ssh

6c :Verify permissions and log out . 
james@devserver:~[james@devserver ~]$ logout
Connection to localhost closed.

8.  Moment of truth : Try a ssh

/.ssh[web@localhost .ssh]$ ssh james@devserver
Last login: Tue Dec 7 22:07:04 2010 from localhost.localdomain
james@devserver:~[james@devserver ~]$ pwd
/home/james

Here we have no password secure access working .

The most common problems  can be  

1. Incorrect permission for .ssh and authorized_keys file

2. Corrupt key file , regenerate and copy again.

10 Responses to ssh without password in few simple steps

  1. Pascal says:

    Worked exactly as outlined. Thank you.

  2. ben says:

    Nice and detailed. One quick comment. The above is how I did this for years and years. Then one time I had an issue with it not working. I had two hosts A and B and I wanted to configure them to ssh to each other. It worked one way, but not the other. And I would erase my files and restart from scratch repeatedly thinking a few extra characters got in there somehow and it still wouldn’t work.

    Finally I looked it up and there is a linux command “ssh-copy-id” that does the work for you much better than manual copying and that’s what ended up working for me (who said a salty old sysadmin cant’ learn new tricks?). Wrote about it here:

    http://geekswing.com/geek/unix/how-to-ssh-login-without-a-password-using-ssh-keygen-quick-tutorial/

  3. Well to be honest i didn’t even know that i could config ssh without a password and i’ve been using linux for over 3 years (lol). Thanks for taking your time to write about this, and I hope that more articles will come.

  4. Daniel says:

    Wow, so useful! Thanks.

  5. shanmuk says:

    hi thanks for the detailed report,but after doing all these,I was asked for password,

    even I tried the command sftp -o PasswordAuthentication=”no” username @remote server.

    Command failed saying permissiondenied(password)

    please help if you can.

  6. ryo wang says:

    thank you~ this works. so great!

  7. Amitabh says:

    Perfect and to the point

  8. Hi,

    The content is very clear and understandable.

    Thank you for this article.

    Thanks,
    K.Visuwa Bharathi

  9. bitterandstout says:

    ssh-copy-id is your friend..

  10. dinoideas says:

    If you needed further debug during sftp session, you may see if the RSA private key is being used for access, please type “sftp -vvv @”

    as the -v or -vv or -vvv or -vvvv will tell you the details of every process it does, it will help to debug if you encountered error.

Leave a Reply

Your email address will not be published. Required fields are marked *