How to Setup Secure SSH Without Password on Linux CentOS

This quick post will show the steps to setup SSH access without password, but with passphrase key on Linux CentOS. After completely performed the following steps, you can ssh from one system to another without specifying any password. This steps has been tested on CentOS 6.3 and may working on other CentOS versions and Redhat Enterprise linux versions as well.

Client = 192.168.1.54
Server = 192.168.1.55

1. Create Public and private keys from openssh and save it :

[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9c:41:a8:b5:d1:7f:64:c5:91:89:38:bf:5a:4c:30:16 root@centos63.ehowstuff.local
The key's randomart image is:
+--[ RSA 2048]----+
|       o. Eo +o+ |
|      +.. * + +  |
|     o o.o B     |
|    . .. o. +    |
|        S  + .   |
|            +    |
|           o     |
|          .      |
|                 |
+-----------------+
[root@client ~]# ls -l /root/.ssh/
total 8
-rw------- 1 root root 1743 Oct  4 23:04 id_rsa
-rw-r--r-- 1 root root  411 Oct  4 23:04 id_rsa.pub

2. Change the mode of public key :

[root@client ~]# chmod 600 /root/.ssh/id_rsa.pub
[root@client ~]# ls -l /root/.ssh/
total 8
-rw------- 1 root root 1743 Oct  4 23:04 id_rsa
-rw------- 1 root root  411 Oct  4 23:04 id_rsa.pub

3. Make a .ssh directory in the home of the user on server :

[root@server ~]# mkdir .ssh
[root@server ~]# cd .ssh/
[root@server .ssh]# pwd
/root/.ssh

4. From Client, transport the key to the server :

[root@client .ssh]# scp id_rsa.pub root@192.168.1.55:/root/.ssh/
The authenticity of host '192.168.1.55 (192.168.1.55)' can't be established.
RSA key fingerprint is 71:fc:a2:51:b3:ed:bc:7b:68:ec:9e:51:a8:04:ab:fd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.55' (RSA) to the list of known hosts.
root@192.168.1.55's password:
id_rsa.pub                                                        100%  411     0.4KB/s   00

5. Change the key to authorized key in .ssh folder :

[root@server ~]# cd .ssh/
[root@server .ssh]# pwd
/root/.ssh
[root@server .ssh]# cat id_rsa.pub >>authorized_keys
[root@server .ssh]# ls
authorized_keys  id_rsa.pub

View the authorized_keys :

[root@ldap .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqToSfMUihcL/lFA6chuVTO77FAHNJFs102lULCVS8XwLFoDbauHdk61x3/rAHDj1HSFbb/heuHUdRndT1CJvSaK+lZ6mKMqvfqlGBvgcF+9t0+Mx3/8Nwaoy891bmiRV81UA8ywwSGx/hw6+LgLTn0F1dh+bhezdAyIV+WMM6QUW9v6APncLw0EtbZX/IMuJCizT+ka+yUgxRB8nteTKYyG1/fCwo7utKBD9Sypt4VBvMFIcoKhIoTzhAxUDxXwmOGn5mUB8aDLzUsf3eJuGOMLVH/k+zByt6tfZ9V/EFUMOVmXV33XCgewJa6RiUm0aXnmYWd722ju/tZyFqzip1w== root@client.ehowstuff.local

6. Now Connect your server without passsword but with the passphrase key :

[root@client ~]# ssh root@192.168.1.55
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Thu Oct  4 23:08:17 2012 from 192.168.1.52
[root@server ~]#

How to Fix “scp: command not found” on CentOS 6.2/RHEL 6

I get the following error when I try to use SCP command line on CentOS linux server. SCP command is usually used to safely copy files and directories between the remote host without FTP sessions or log in to a remote system directly. SCP command line utility uses SSH to transfer data, so it requires a password or passphrase for confirmation before proceeding with the transfer.

-bash: scp: command not found

The above issue is related to openshh. There are two openssh packages that usually exist on the linux, openssh-server and openssh-clients. You can use the telnet command to check whether the openssh server has been installed or not.

[root@centos62 ~]# telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

Above telnet command shows that openssh-server has been installed. Therefore, the problem on “scp: command not found” is due to openssh-clients not installed.

Verify the installed package :

[root@centos62 ~]# rpm -qa | grep openssh-*
openssh-server-5.3p1-70.el6.i686
openssh-5.3p1-70.el6.i686

To install openssh-clients, execute the following command :

[root@centos62 ~]# yum install openssh-clients -y

Then try to run scp command :

[root@centos62 ~]# scp
usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
           [-l limit] [-o ssh_option] [-P port] [-S program]
           [[user@]host1:]file1 ... [[user@]host2:]file2

If you have been returned to the scp message above, that’s mean your openssh-clients package has been installed successfully.

How to SSH Without Password on Linux

In this post, i will share with you the steps on how to setup and configure linux servers to allow SSH without password. After completely performed the following steps, you can ssh from one system to another without specifying a password. With this, you can automate your tasks such as automatically copy data from server1 to server2. This steps has been tested on CentOS 6.2 and may working on other CentOS versions and Redhat Enterprise linux versions as well.

Notes:
-Client server is server2. This is where ssh session is started via the ssh command.
-Main server is server1. This is where ssh session from server2 will be connects to.
-This steps has been tested using root account on CentOS 6.2.

1. Add and configure /etc/hosts for both servers (ssh client and ssh server) :

[root@server1 ~]# vi /etc/hosts
[root@server2 ~]# vi /etc/hosts

Add this lines to /etc/hosts on both servers (ssh client and ssh server) :

192.168.1.44 server1
192.168.1.48 server2

2. Login as a root to server2 and create hidden directory called ssh under your account. This steps has been tested using root account :

[root@server2 ~]# mkdir -p $HOME/.ssh

Set permission as below :

[root@server2 ~]# chmod 0700 $HOME/.ssh

3. Configure SSH Keys Authentication by typing the following command :

[root@server2 ~]# ssh-keygen

Whatever it appears just press enter until it ends, press enter for passphase as well :

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
83:20:f0:1d:11:db:7e:e9:be:d6:ed:a2:e7:f1:ac:34 root@server2
The key's randomart image is:
+--[ RSA 2048]----+
|.   +o           |
| o . +           |
|  o + .          |
|   . o . .       |
|      o S        |
|       o .       |
|        ..E.     |
|       ...+=.    |
|       .+=o++    |
+-----------------+

4. Check what files that was produced by ssh-keygen command. Normally it’s automatically stored under $HOME/.ssh :

[root@server2 ~]# ls $HOME/.ssh
id_rsa  id_rsa.pub

5. Login as a root to server1 and create hidden directory called ssh under your account :

[root@server1 ~]# mkdir -p $HOME/.ssh

Set permission as below :

[root@server1 ~]# chmod 0700 $HOME/.ssh

6. From server2, copy over the id_rsa.pub (public key) to server1 :

[root@server2 ~]# scp $HOME/.ssh/id_rsa.pub root@server1:$HOME/.ssh
The authenticity of host 'server1 (192.168.1.44)' can't be established.
RSA key fingerprint is 71:fc:a2:51:b3:ed:bc:7b:68:ec:9e:51:a8:04:ab:fd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server1' (RSA) to the list of known hosts.
root@server1's password:
id_rsa.pub                                                        100%  394    

7. On server1, enter ssh directory and execute these commands :

[root@server1 ~]# cd $HOME/.ssh

Export id_rsa.pub key to authorized_keys

[root@server1 .ssh]# cat id_rsa.pub >> $HOME/.ssh/authorized_keys

Set permission as below :

[root@server1 .ssh]# chmod 0600 $HOME/.ssh/authorized_keys

8. Your have successfully configure and allow ssh without password. From now on you can log into server1 as root from server2 without any password :

[root@server2 ~]# ssh root@server1