ssh Without Password in Few Simple Steps

How to configure passwordless ssh &sftp access in Unix & Linux systems? Follow these simple steps with examples with a basic troubleshooting section at the end. sftp uses underlaying ssh access for authentication and after you establish passwordless ssh access you will have passwordless sftp access as well.

This a real life example of configuring passwordless access for two users . The user ‘web’ in this case needs a secure password less access to another user james in a server ‘devserver’

How to do ssh without password & sftp without password

Follow the Steps to configure secure passwordless access 

To begin, Lets check the current ssh & sftp connectivity status for [email protected] from localhost

[[email protected] ~]$ ssh [email protected]
[email protected]’s password: 
[[email protected] ~]$ sftp [email protected]
[email protected]’s password: 

As expected it prompted for password

1. Generate the public key private key pair 

Generate the public key private key pair for the local host as following, Press enter for default file names and no
pass phrase options. The command here generates RSA type keys.
You can run the command ssh-keygen from any directory but the id files will be generated in .ssh dir of user’s home directory.

[[email protected] ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/web/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/web/.ssh/id_rsa.
Your public key has been saved in /home/web/.ssh/
The key fingerprint is:
5e:30:d3:1a:00:c5:0b:29:96:ac:3e:42:20:dc:af:38 [email protected]

2. Change directory to .ssh directory of user .

You will see two files starting with id_rsa. id_rsa is the private key and is public key. Check the date time stamp of these files to make sure these are the ones you generated recently.

[[email protected] ~]$ cd /home/web/.ssh

.ssh[[email protected] .ssh]$ ls -la
total 32
drwx—— 2 web web 4096 Dec 7 22:05 .
drwx—— 34 web web 12288 Dec 7 22:04 ..
-rw——- 1 web web 1675 Dec 7 22:05 id_rsa
-rw-r–r– 1 web web 407 Dec 7 22:05
-rw-r–r– 1 web web 391 Dec 7 22:03 known_hosts

Check the date to be sure of current generated files.

3. Copy the rsa public key to the remote host

Copy the public key file from above example to .ssh of the user home directory and if .ssh directory is not there , create it as in the example below. You need to enter sftp/ssh  password as passwordless access is not setup yet..

/.ssh[[email protected] .ssh]$ sftp [email protected]
Connecting to devserver…
[email protected]’s password:
sftp> pwd
Remote working directory: /home/james
sftp> cd .ssh
Couldn’t canonicalise: No such file or directory
sftp> mkdir .ssh
sftp> cd .ssh
sftp> put
Uploading to /home/james/.ssh/ 0% 0 0.0KB/s –:– 100% 407 0.4KB/s 00:00

4. login to the remote host  with password

Once file is copied over , login to the remote host using ssh and password and go to .ssh directory under user home directory.

/.ssh[[email protected] .ssh]$ ssh [email protected]
[email protected]’s password:

[email protected]:~[[email protected] ~]$ cd .ssh
[email protected]:~/.ssh[[email protected] .ssh]$ pwd

[email protected]:~/.ssh[[email protected] .ssh]$ ls -l
total 4
-rw-r–r– 1 james james 407 Dec 7 22:06

5. Rename the public key file,, to authorized_keys ;

Rename or append to file corresponding to the ssh protocol version in your system , User ssh -V to find out the ssh version

SSH protocols 1.3 and 1.5 uses file name as authorized_keys
SSH protocol 2.0 uses file name as authorized_keys2

if the authorized_keys file already exists then append the new keys to the existing file using,

cat >> authorized_keys .
Don’t use vi or editor to open , append and save these key files as any extra character/newline would corrupt these files.

[email protected]:~/.ssh[[email protected] .ssh]$ mv authorized_keys

You can see the contents using cat command
[email protected]:~/.ssh[[email protected] .ssh]$ cat authorized_keys
V00ZW9Fvgz865g+fakBITqYP76ptPIVXEps+91ABRSwggQ== [email protected]

6. Change the key file and directory permissions 

ssh is very sensitive to permissions so you have to change the key file and directory permissions exactly as required for it to work.

6a. Change authorized_keys to 600 permissions

[email protected]:~/.ssh[[email protected] .ssh]$ chmod 600 authorized_keys
[email protected]:~/.ssh[[email protected] .ssh]$ ls -ltr
total 8
-rw-r–r– 1 james james 407 Dec 7 22:06
-rw——- 1 james james 407 Dec 7 22:08 authorized_keys

[email protected]:~/.ssh[[email protected] .ssh]$ cd ..

6b. Change .ssh directory to 700 permission

[email protected]:~[[email protected] ~]$ chmod 700 .ssh

6c. Verify permissions and log out . 

[email protected]:~[[email protected] ~]$ logout
Connection to localhost closed.

7.  Moment of truth : Try a ssh or sftp

/.ssh[[email protected] .ssh]$ ssh [email protected]
Last login: Tue Dec 7 22:07:04 2010 from localhost.localdomain
[email protected]:~[[email protected] ~]$ pwd
/.ssh[[email protected] .ssh]$ sftp [email protected]

8. Troubleshooting ssh/sftp access  

If you are still getting password prompt, The most common problems can be

  1. Incorrect permission for .ssh directory and authorized_keys / authorized_keys2 file
  2. Corrupt key file, regenerate and copy again.
  3. Space,character or line inserted or truncated during appending to existing file. Don’t copy keys manually but do a cat new_keys >> authorized_keys ; For new files copy the file and rename , don’t manually copy paste contents.

11 Responses to ssh Without Password in Few Simple Steps

  1. Pascal says:

    Worked exactly as outlined. Thank you.

  2. ben says:

    Nice and detailed. One quick comment. The above is how I did this for years and years. Then one time I had an issue with it not working. I had two hosts A and B and I wanted to configure them to ssh to each other. It worked one way, but not the other. And I would erase my files and restart from scratch repeatedly thinking a few extra characters got in there somehow and it still wouldn’t work.

    Finally I looked it up and there is a linux command “ssh-copy-id” that does the work for you much better than manual copying and that’s what ended up working for me (who said a salty old sysadmin cant’ learn new tricks?). Wrote about it here:

  3. Well to be honest i didn’t even know that i could config ssh without a password and i’ve been using linux for over 3 years (lol). Thanks for taking your time to write about this, and I hope that more articles will come.

  4. Daniel says:

    Wow, so useful! Thanks.

  5. shanmuk says:

    hi thanks for the detailed report,but after doing all these,I was asked for password,

    even I tried the command sftp -o PasswordAuthentication=”no” username @remote server.

    Command failed saying permissiondenied(password)

    please help if you can.

  6. ryo wang says:

    thank you~ this works. so great!

  7. Amitabh says:

    Perfect and to the point

  8. Hi,

    The content is very clear and understandable.

    Thank you for this article.

    K.Visuwa Bharathi

  9. bitterandstout says:

    ssh-copy-id is your friend..

  10. dinoideas says:

    If you needed further debug during sftp session, you may see if the RSA private key is being used for access, please type “sftp -vvv @”

    as the -v or -vv or -vvv or -vvvv will tell you the details of every process it does, it will help to debug if you encountered error.

Leave a Reply

Your email address will not be published. Required fields are marked *