As a system administrator, you plan on using OpenSSH for Linux and automate your daily tasks such as transferring files or database dump file for the backup to another server. To achieve this goal, you need to log in automatically from the host A to host B. Login automatically mean you do not want to enter any password because you want to use ssh from a shell script.
In this article we’ll show you how to Setup SSH Login without Password on CentOS / RHEL. After automatic login has been configured, you can use it to move the file using SSH (Secure Shell) and secure copy (SCP).
SSH is open source and the most trusted network protocol which is used to login to the remote server. It is used by system administrators to execute commands, also used to transfer files from one computer to another over a network using SCP protocol.
After you setup SSH login without password, you can get the following advantages :
a) Automate your daily task via scripts.
b) If you login to your linux server using ssh key instead of normal loging using any user, it will enhance security of your linux server. This is one of the recommended method to prevent a brute force attack on virtual private server (VPS), SSH keys are nearly impossible to decipher by brute force alone.
What is ssh-keygen
ssh-keygen is a Unix utility that is used to generate, create, manage the public and private keys for ssh authentication. With the help of the ssh-keygen tool, a user can create passphrase keys for both SSH protocol version 1 and version 2. ssh-keygen creates RSA keys for SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.
What is ssh-copy-id
ssh-copy-id is a script that copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also append the indicated identity file to that machine’s ~/.ssh/authorized_keys file and assigns proper permission to the remote-host’s home.
SSH keys provide better and secure way of logging into a linux server with SSH. After you run ssh-keygen, you will generate public key and private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password.
Setup SSH Login Without Password on CentOS and RHEL.
This steps tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.
Node1 : 192.168.0.9
Node2 : 192.168.0.10
Step One :
Test the connection and access from node1 to node2 :
[root@node1 ~]# ssh firstname.lastname@example.org The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established. RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts. email@example.com's password: Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1 [root@node2 ~]#
Step Two :
Generate public and private keys using ssh-key-gen. Please take note that you can increase security by protecting the private key with a passphrase.
[root@node1 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d firstname.lastname@example.org The key's randomart image is: +--[ RSA 2048]----+ | . ++ | | o o o | | o o o . | | . o + .. | | S . . | | . .. .| | o E oo.o | | = ooo. | | . o.o. | +-----------------+
Step Three :
Copy or transfer the public key to remote-host using ssh-copy-id command. It will append the indicated identity file to ~/.ssh/authorized_keys on node2 :
[root@node1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10 email@example.com's password: Now try logging into the machine, with "ssh '192.168.0.10'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
Step Four :
Try SSH login without Password to node2 :
[root@node1 ~]# ssh firstname.lastname@example.org Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local
I hope this article gives you some ideas and quick guide on how to setup SSH login without password on Linux CentOS / RHEL.
I try to use SCP command on my CentOS 6.3 server, but the following error returned. According to wikipedia, SCP or Secure copy is a means of securely transferring computer files between a local host and a remote host or between two remote hosts and It’s based on the Secure Shell (SSH) protocol. The term SCP can refer to one of two related things, the SCP protocol or the SCP program.
[root@CentOS6.3 ~]# scp -bash: scp: command not found
To fix above error, you have to install openshh-clients in your CentOS 6.3 server as below :
[root@CentOS6.3 ~]# yum install openssh-clients -y
Just type scp command to get more options of the command :
[root@CentOS6.3 ~]# scp usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-S program] [[user@]host1:]file1 ... [[user@]host2:]file2 [root@CentOS6.3 ~]#
In this post, i will guide you on how to install scp command on CentOS 6.2. SCP is a secure copy (remote file copy program) and can copies files between hosts on a network.
You will get the following error if you don’t have scp command on your server.
[root@centos6 ~]# scp -bash: scp: command not found -rw-r--r-- 1 root root 0 2001-01-14 14:00:00.000000000 +0800 newtestfile1
Simply type this command to install scp.
[root@centos6 ~]# yum install openssh-clients Loaded plugins: fastestmirror Determining fastest mirrors * base: mirrors.hostemo.com * extras: mirrors.hostemo.com * updates: mirrors.hostemo.com CentOS6.2-Repository | 1.3 kB 00:00 ... CentOS6.2-Repository/primary | 1.2 MB 00:00 ... CentOS6.2-Repository 3042/3042 base | 3.7 kB 00:00 base/primary_db | 3.5 MB 00:33 extras | 3.5 kB 00:00 extras/primary_db | 5.4 kB 00:00 updates | 3.5 kB 00:00 updates/primary_db | 638 kB 00:05 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package openssh-clients.i686 0:5.3p1-70.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================ Package Arch Version Repository Size ============================================================================================ Installing: openssh-clients i686 5.3p1-70.el6 CentOS6.2-Repository 361 k Transaction Summary ============================================================================================ Install 1 Package(s) Total download size: 361 k Installed size: 1.0 M Is this ok [y/N]: y Downloading Packages: Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : openssh-clients-5.3p1-70.el6.i686 1/1 Installed: openssh-clients.i686 0:5.3p1-70.el6 Complete! -rw-r--r-- 1 root root 0 2001-01-14 14:00:00.000000000 +0800 newtestfile1
Start using scp command to transfer the file.
[root@centos6 ~]# scp usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-S program] [[user@]host1:]file1 ... [[user@]host2:]file2 -rw-r--r-- 1 root root 0 2001-01-14 14:00:00.000000000 +0800 newtestfile1