How to Setup SSH Login Without Password CentOS / RHEL

SSH Login Without Password

As a system administrator, you plan on using OpenSSH for Linux and automate your daily tasks such as transferring files or database dump file for the backup to another server. To achieve this goal, you need to log in automatically from the host A to host B. Login automatically mean you do not want to enter any password because you want to use ssh from a shell script.

In this article we’ll show you how to Setup SSH Login without Password on CentOS / RHEL. After automatic login has been configured, you can use it to move the file using SSH (Secure Shell) and secure copy (SCP).

SSH is open source and the most trusted network protocol which is used to login to the remote server. It is used by system administrators to execute commands, also used to transfer files from one computer to another over a network using SCP protocol.

After you setup SSH login without password, you can get the following advantages :

a) Automate your daily task via scripts.
b) If you login to your linux server using ssh key instead of normal loging using any user, it will enhance security of your linux server. This is one of the recommended method to prevent a brute force attack on virtual private server (VPS), SSH keys are nearly impossible to decipher by brute force alone.

See also  How to Secure OpenSSH (SSHD) on Linux

What is ssh-keygen

ssh-keygen is a Unix utility that is used to generate, create, manage the public and private keys for ssh authentication. With the help of the ssh-keygen tool, a user can create passphrase keys for both SSH protocol version 1 and version 2. ssh-keygen creates RSA keys for SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.

What is ssh-copy-id

ssh-copy-id is a script that copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also append the indicated identity file to that machine’s ~/.ssh/authorized_keys file and assigns proper permission to the remote-host’s home.

SSH keys

SSH keys provide better and secure way of logging into a linux server with SSH. After you run ssh-keygen, you will generate public key and private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password.

See also  How to Enable a Warning SSH Banner on CentOS 6.3

Setup SSH Login Without Password on CentOS and RHEL.

This steps tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.

Node1 : 192.168.0.9
Node2 : 192.168.0.10

Step One :
Test the connection and access from node1 to node2 :

[root@node1 ~]# ssh root@192.168.0.10
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
root@192.168.0.10's password:
Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1
[root@node2 ~]#

Step Two :
Generate public and private keys using ssh-key-gen. Please take note that you can increase security by protecting the private key with a passphrase.

[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d root@node1.ehowstuff.local
The key's randomart image is:
+--[ RSA 2048]----+
|          . ++   |
|         o o  o  |
|        o o o  . |
|       . o + ..  |
|        S   .  . |
|         .   .. .|
|        o E oo.o |
|         = ooo.  |
|        . o.o.   |
+-----------------+

Step Three :
Copy or transfer the public key to remote-host using ssh-copy-id command. It will append the indicated identity file to ~/.ssh/authorized_keys on node2 :

[root@node1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10
root@192.168.0.10's password:
Now try logging into the machine, with "ssh '192.168.0.10'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Step Four :
Try SSH login without Password to node2 :

[root@node1 ~]# ssh root@192.168.0.10
Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local

I hope this article gives you some ideas and quick guide on how to setup SSH login without password on Linux CentOS / RHEL.

See also  How to change the default SSH port in Linux

Reference

 

Comments

3 Comments

  • Avatar Chris David says:

    Regardless of speed, you should never expose SMB outside of your network as it’s not very secure – that’s why SMBv1 was removed from any new Windows machines by default, and why SMBv2 is not far behind.

  • Avatar SAF says:

    Hi Dimitri,

    Thanks for your good tutorial.

    However, I am trying to access localhost from localhost. That is, both node 1 and node 2 are localhosts (doing this to run Hadoop). But it does not seem to work. I always get asked for the password. Do you have any solutions?

    • Avatar Dmitry says:

      It seems like you’re trying to set up a passwordless SSH login between two nodes, both of which are running locally in your case. The instructions below would typically apply to distinct nodes, but they should also work for your situation.

      Here’s how you can do it:

      1. Create SSH Key

      First, you need to create an SSH key on Node1, which in your case is the localhost. Open your terminal and run the following command:

      >> ssh-keygen -t rsa

      This will prompt you to enter the location where you want to save the newly created SSH key. You can press enter here to accept the default location (~/.ssh/id_rsa). You will be asked to set a passphrase, you can also press enter to leave it empty.

      2. Copy the SSH Key to Node2

      Next, you need to copy the SSH key you just created on Node1 to Node2. You can do this by using the ssh-copy-id command. Run this command on Node1:

      >> ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.0.10

      This command tries to log into Node2 (192.168.0.10) as the root user, and append the content of Node1’s public key (~/.ssh/id_rsa.pub) into the ~/.ssh/authorized_keys file of Node2.

      In your case, since Node1 and Node2 are the same (localhost), you might just manually append the public key content to the ~/.ssh/authorized_keys file:

      >> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

      3. Modify the Permission

      For the authorized_keys file to work properly, its permission should be set to 600 (rw——-). Use the following command on Node2 (or localhost in your case) to set the permission:

      >>chmod 600 ~/.ssh/authorized_keys

      4. Test the Setup

      Now, you should be able to log in to Node2 from Node1 via SSH without being prompted for a password. You can test this by using the SSH command to access Node2 from Node1:

      >> ssh root@192.168.0.10

      In your case, you could use ssh root@localhost.

      Make sure the SSH service is running on your machine, and the firewall (if there is any) isn’t blocking SSH connections.

Leave a Reply

Your email address will not be published. Required fields are marked *