How to enable password less authentication through SSH in Linux/Unix Servers


When we manage numerous servers, it is very difficult to remember the password of each server by an administrator. Another advantage to have a password less authentication is automation. When we run automation scripts to fetch the details of multiple remote servers, we may not be able to provide the password of each server in an effective way. Another usage of it is Ansible deployment. Ansbile uses password less authentication from control node to managed hosts for communication.

 Below the steps to enable password less authentication is Linux/Unix servers.

·         Login to server as the user which needs connection to other servers.
·         Generate a SSH key pair by ssh-keygen command.
This command may ask few questions or input from your side. Leave everything as default. Just keep on press enter key when it prompts for any input.

[user@local-server ~]$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hXEtLYBW/i1lE+fuKkxz0k8fMAdVcnEe9pdkuSkTAJU user@ansible-control-node
The key's randomart image is:
+---[RSA 2048]----+
|       o+o+=+ +BB|
|      o. +oEo*+==|
|     .  o .o+ +.*|
|         o + B +.|
|        S o.. B  |
|          +.o... |
|         o + o...|
|          o  .. .|
|           ..    |
+----[SHA256]-----+
[user@local-server ~]$

These key files will be available in .ssh directory resides in the home directory of the user.

[user@local-server ~]$ls -l ~/.ssh/
total 8
-rw------- 1 user user 1675 Apr  4 08:50 id_rsa
-rw-r--r-- 1 user user  407 Apr  4 08:50 id_rsa.pub
[user@local-server ~]$

·         Copy  the key to remote server by ssh-copy-id command. In the below case, my current user in the local-server will connect to remote-server as user “user”. Provide the password of remote user in the remote server when it asks for the same.

[user@local-server ~]$ssh-copy-id user@remote-server
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@remote-server's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'user@remote-server'"
and check to make sure that only the key(s) you wanted were added.

[user@local-server ~]$



If ssh-copy-id command does not work in your system, then copy the content of id_rsa.pub file and paste it in the .ssh/authorized_keys resides in the home directory of the remote user in remote server.

For example, to connect remote-server as user “user” from user@local-server, follow the below steps.

Copy the content which is highlighted below from the local-server of

[user@local-server ~]$cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZai74/F4A3eNO20PTW4agnS0zjm9cF+7U1AErdufBZl2NpIziP4JpGrbM/TQV0e73/YGmb603JsE3tj5glUJMx2tT4Jl1HjylIC7FvPdHfyGcaWsoybSWlLV4rH0HmIBIGVo06Qb72OOrWPBD2ZgIywbVuPeoqYbBvf7NhlJei2Tt1V+WWRgUycbNiWIb3Q+hUdCLpBEuiOBaDtUu7XY4MpQtiRSyjxr4rlN0eh52ODH7k6rgpDQaM3OiG0v3iDPadi6ZWsoeJApDXMjLEghUMwfT2OClBk8Q4Bi3ioC8FopeAowNRqL3RMGDoavPZqrQpYOun user@ansible-control-node
[user@local-server ~]$

And paste it into the file remote-server like below

[user@ remote-server ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZai74/F4A3eNO20PTW4S0zjm9cF+7U1AErdufBZl2NpIziP4JpGrbM/TQV0e73/YGmb603JsE3tj5glUJMx2tT4Jl1HjylIC7FvPdHfyGcaWsoybSW8NlLV4rH0HmIBIGVo06Qb72OOrWPBD2ZgIyuPeoqYb+zizk9DG0eXRGBvfei2Tt1V+WWRgUycbNiWIb3Q+hUdCLpBEuiOBaDtUu7XY4MpQtiRSyjxr4rlN0eh52ODH7k6rgpDQaM3OiG0v3iDPadi6ZWsoeJApDXMjLEghUMwfT2OClBk8Q4Bi3ioC8FopeAowNRqL3RMGDoavPZqrQpYOun user@ansible-control-node
[user@ remote-server ~]$

Ensure that the permission of .ssh directory as 700 and authorized_keys file as 600. Both the directory and file should be owned by the user “user” like below.

[user@remote-server ~]$ ls -ld .ssh
drwx------ 2 user user 29 Apr  4 08:53 .ssh
[user@ remote-server ~]$ ls -l .ssh/authorized_keys
-rw------- 1 user user 407 Apr  4 08:53 .ssh/authorized_keys
[user@ remote-server ~]$

Now you should be able to login to the server without any password like below.

[user@local-server ~]$ssh user@remote-server
Last login: Sat Apr  4 08:55:26 2020 from 192.168.1.71
[user@anslabsrv2 ~]$

Comments

Popular posts from this blog

AIX Firefox Installation

AIX Commands

How to increase swap size on CentOS 8 / RHEL 8

How to configure NTP in RHEL8 or CentOS 8 by chronyd.

System Administration

How to find big files in Linux, Unix, AIX

How to manage Linux systems through web browser (cockpit for Linux): CentOS 7, CentOS 8, RHEL 7, RHEL 8, Fedora, Ubuntu and Debian systems.

Remote X11 forwarding for AIX in command line.

How to enable VNC server (get GUI remotely) in CentOS 7, RHEL 7, CentOS 8 and RHEL 8 servers.

How to change Time Zone in CentOS 8, RHEL 8 and Ubuntu systems