Passwordless Authentication for SSH

Note: This post is for Linux and Macintosh OS.

The purpose of this article is to exchange “keys” between your machine and a remote server so that you can log in without a password. After this procedure, you will not need to enter a password for commands like ssh, scp, sftp, rsync, etc.

Perform the following steps:

1. Open terminal/command prompt on your machine

In Linux/Mac, open an application named “Terminal”.

For SSH to work, SSH access must be enabled on the server beforehand.

2. Generating key-pairs (one-time operation)

This is needed if you are doing this the first time!

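Run the following command to generate a pair of public and private keys using the RSA algorithm. If you want to use DSA, just replace the last argument “-t rsa” with “-t dsa”. Note that OpenSSH has disabled DSA keys by default since version 7.0, so a DSA key may be rejected by the server.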

ssh-keygen -t rsa

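The command may prompt you for input. Just keep hitting the “enter” key till you get the command prompt back. Accepting the defaults this way stores the keys under ~/.ssh and leaves the private key without a passphrase.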

You can check the generated key pair by viewing the “.ssh” directory under your home directory.

ls -l ~/.ssh

An example output is shown:

-rw-r--r--  1 rahul  staff   412 Jan 30  2009 authorized_keys
-rw-------  1 rahul  staff  1675 Jan 27  2009 id_rsa
-rw-r--r--  1 rahul  staff   412 Jan 27  2009
-rw-r--r--  1 rahul  staff  8031 Apr 23 15:03 known_hosts

Number of files may vary. All we need are the id_rsa and files.

3. Adding your public key to the server’s “authorized_keys” list

As on your own system, each user’s home directory on the server contains a hidden directory called “.ssh”.

Inside the server’s .ssh folder, there may be files similar to the ones we have seen above. The only file we are interested in is the authorized_keys file.

We have to add our public key (content of file) to the authorized_keys file on the server.

Run the following command to do this:

cat ~/.ssh/ | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"

Make sure you replace [email protected] with your actual username and domain name.

On running the above command, you will be prompted for the password (one last time).

Just enter your SSH/SFTP/FTP password for the “username” on

4. Testing Passwordless Authentication

If you have followed every step till now, it is time to test everything.

Just run the following command with [email protected] replaced by actual username and domain name.

ssh [email protected]

On running the above command, you should get a shell on the server without being asked for a password!

Automating the whole thing!

If you want to access/manage many servers frequently, it will be tiresome to run all the above commands again and again.

We can automate everything by creating a small script for our own usage. (Thanks to this article)

I am assuming that you have already generated a key pair as mentioned in step #1 above.

Now perform the following steps only once!

Create a file called ssh-install-key under the “.ssh” folder under your home directory using the following command.

echo 'cat ~/.ssh/ | ssh "${1}" "cat - >> ~/.ssh/authorized_keys"' > ~/.ssh/ssh-install-key

Make this file executable by running the following command:

chmod u+x ~/.ssh/ssh-install-key

Enabling Passwordless authentication using “ssh-install-key”

Now each time you need to add a server, just run the following command:

~/.ssh/ssh-install-key [email protected]

It may ask for a password once. Just enter your password.

After this you can simply log in using the following command, of course without any password.

ssh [email protected]

ssh-install-key is basically an “easy-to-use and remember” shortcut for the command mentioned in step #3 above.
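
A sturdier take on the step #3 command and the ssh-install-key script, as an added example that is not part of the original post: it sets the permissions that sshd's default StrictModes check expects (no group or world write access to ~/.ssh or authorized_keys), refuses input that is not a public key line, and skips keys that are already installed. It assumes the public key is ~/.ssh/id_rsa.pub, the default file written by ssh-keygen -t rsa, and that the server's login shell is POSIX-compatible; REMOTE_SRC, append_key and install_key are names chosen here.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the public key is ~/.ssh/id_rsa.pub, the default file that
# `ssh-keygen -t rsa` writes, and the server's login shell is POSIX sh.

# Source of the function that runs on the server. Kept in a string so the
# same code can be defined locally (for testing) and sent over ssh.
REMOTE_SRC='
append_key() (
    umask 077                                   # new files: owner-only
    IFS= read -r key || :                       # one key line from stdin
    case $key in
        ssh-*" "*|ecdsa-*" "*|sk-*" "*) ;;      # looks like a public key
        *) echo "refusing: not a public key line" >&2; exit 1 ;;
    esac
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" || exit 1
    touch "$1/.ssh/authorized_keys" || exit 1
    chmod 600 "$1/.ssh/authorized_keys" || exit 1
    # Append only if this exact line is not already present.
    grep -qxF -e "$key" "$1/.ssh/authorized_keys" ||
        printf "%s\n" "$key" >> "$1/.ssh/authorized_keys"
)'
eval "$REMOTE_SRC"

# install_key user@host [public-key-file]
install_key() {
    pub=${2:-$HOME/.ssh/id_rsa.pub}
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Define append_key on the server, then feed it the key on stdin.
    ssh "$1" "$REMOTE_SRC; append_key \"\$HOME\"" < "$pub"
}

if [ $# -gt 0 ]; then install_key "$@"; fi
```

Saved as ~/.ssh/ssh-install-key and made executable, it is called the same way as the one-line script above.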