Linux Passwordless Login with SSH

Set up SSH passwordless login across Linux servers

This page explains how to log in from one Linux/Unix system to another using a public/private key pair instead of a password. Once this is set up, you can automate the transfer of files between systems.

For the purposes of these directions, the client machine is the one you are currently logged into, while the server machine is the one you want to log in to without a password.

1) On the client machine create a new .ssh directory under your home directory
mkdir .ssh
2) Change the permissions on the directory so only the owner can access the files
chmod 700 .ssh
3) Generate your public and private keys. This command is available on most Linux systems and my Solaris 10 system as well.
ssh-keygen

The keygen tool will ask you for a file location to save the key. It should default to the .ssh directory you created. It will also ask for a passphrase. Leaving the passphrase blank has security implications: anyone who obtains the private key file can use it to log in as you. If you want to log in without being prompted at all, leave the passphrase blank.

In the .ssh directory you will now see two new files
a) id_rsa – this is your private key
b) id_rsa.pub – this is your public key

The permissions on these files should already be correct, but make sure the private key file is readable and writable only by the owner. The public key should be writable only by the owner; it is acceptable for it to be readable by anyone.

4) Now log in to the server using your normal shell access method.
5) On the server create a directory called .ssh (similar to the client directory you created earlier) in your home directory
mkdir .ssh
6) Set the permissions on the new directory
chmod 700 .ssh
7) cd into the new directory and create a new file called authorized_keys
touch authorized_keys
8) Change the permissions on this file so only the owner can read and write it
chmod 600 authorized_keys
9) Now you need to copy the contents of the public key you created on the client machine to the authorized_keys file on the server. You can use one of two methods depending on the installed tools on your system.

a) Use the ssh-copy-id tool -> log in to the client machine once again. Change to the .ssh directory, then run the following command
ssh-copy-id -i id_rsa.pub user@servername
where user is your username on the server and servername is the name of the server. The tool will ask for your password on the server before it will install the key.

b) sftp the public key to the server -> you can transfer in either direction. Here we will get the public key from the client while on the server. From your home directory on the server
sftp user@clientmachine

You may see a message that the authenticity of the host cannot be verified, along with the fingerprint of the host you are connecting to. Check that the fingerprint is the one you expect for that host, then continue connecting. At the sftp prompt, change to the .ssh directory, get the id_rsa.pub key, then exit sftp
cd .ssh
get id_rsa.pub
exit

Your public key from the client is now in your home directory on the server. To add the public key to the server's authorized_keys file
cat id_rsa.pub >> ~/.ssh/authorized_keys

Now remove the public key file that you transferred from the client
rm ~/id_rsa.pub

10) If your username is the same on both systems you can simply run
ssh servername
to log in. If your username is different on the client and server, use
ssh user@servername
In both cases you should not be prompted for a password. You can also use this method for sftp.
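
The server-side steps 5 to 9 can be combined into one repeatable operation. The script below is an added example, not part of the original instructions; install_pubkey and perms_ok are hypothetical helper names. It refuses a file that is not a public key, avoids adding the same key twice, and checks the resulting permissions.

```sh
#!/bin/sh
# Added example; install_pubkey and perms_ok are hypothetical helper names.

# perms_ok PATH: fail if PATH is writable by group or other. sshd's default
# StrictModes setting ignores authorized_keys when that is the case.
perms_ok() {
    mode=$(ls -ld -- "$1" | cut -c1-10)   # e.g. drwx------ or -rw-------
    case "$mode" in
        ?????w????|????????w?) return 1 ;;
        *) return 0 ;;
    esac
}

# install_pubkey PUBKEY_FILE [SSH_DIR]: steps 5-9 as one repeatable operation.
# Runs in a subshell so the umask change does not leak into the caller.
install_pubkey() (
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Read the first line only and reject anything that is not a public key
    # line, which catches copying id_rsa (the private key) by mistake.
    IFS= read -r key < "$pub" || [ -n "$key" ] || exit 2
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub does not look like a public key" >&2; exit 2 ;;
    esac

    umask 077
    mkdir -p -- "$dir" && chmod 700 -- "$dir" || exit 1
    touch -- "$auth" && chmod 600 -- "$auth" || exit 1

    # If the file does not end in a newline, add one so keys do not run together.
    [ -z "$(tail -c1 "$auth")" ] || echo >> "$auth"

    # -x whole line, -F fixed string: append only if the key is not there yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    perms_ok "$dir" && perms_ok "$auth"
)
```

On the server, after transferring the key, run it as: install_pubkey ~/id_rsa.pub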