Passwordless Authentication for SSH

Note: This post is for Linux and Macintosh OS.

Purpose of this article is to exchange “keys” between your machine and a remote server so that you can login without a password. After this procedure, you will not need to enter password for commands like ssh, scp, sftp, rsync, etc.

Perform the following steps:

1. Open terminal/command prompt on your machine

In Linux/Mac, open an application named “Terminal.

For SSH to work, SSH access must be opened on the server beforehand.

2. Generating key-pairs (one-time operation)

This is needed if you are doing this the first time!

Run the following command  to generate a pair of public & private keys using the RSA algorithm. If you want to use DSA just replace the last argument “-t rsa” with “-t dsa”

ssh-keygen -t rsa

The command may prompt you for input. Just keep hitting the “enter” key till you get the command-prompt back.

You can check the generated key pair by viewing the “.ssh” directory under your home directory.

ls -l ~/.ssh

An example output is shown:

-rw-r--r--  1 rahul  staff   412 Jan 30  2009 authorized_keys
-rw-------  1 rahul  staff  1675 Jan 27  2009 id_rsa
-rw-r--r--  1 rahul  staff   412 Jan 27  2009 id_rsa.pub
-rw-r--r--  1 rahul  staff  8031 Apr 23 15:03 known_hosts

Number of files may vary. All we need are the id_rsa and id_rsa.pub files.

3. Adding you public key to the server’s “authorized_keys” list

Like your system, on server also, under each users home directory, there exists a hidden directory called “.ssh”.

Inside server’s .ssh folder,  there may be similar files as we have seen above. The only file we are interested in is the authorized_keys file.

We have to add our public key (content of id_rsa.pub file) to the authorized_keys file on the server.

Run the following command to do this:

cat ~/.ssh/id_rsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"

Make sure you replace [email protected] with your actual username and domain name.

On running the above command, you will be prompted for the password (one last time).

Just enter your your SSH/SFTP/FTP password for the “username” on example.com

4. Testing Passwordlesss Authentication

If you have followed every step till now, it is time to test everything.

Just run the following command with [email protected] replaced by actual username and domain name.

ssh [email protected]

On running above command, you should get a shell on server without being asked for a password!

Automating whole thing!

If you want to access/manage many servers frequently, it will be tiresome to run all above commands again and again.

We can automate everything by creating a small script for our own usage. (Thanks to this article)

I am assuming that you have already generated a key pair as mentioned in step #1 above.

**Now perform the following steps only once! **

Create a file called ssh-install-key under the “.ssh” folder under your home directory using the following command.

echo "cat ~/.ssh/id_rsa.pub | ssh ${1} "cat - >> ~/.ssh/authorized_keys""  >  ~/.ssh/ssh-install-key

Make this file executable by running the following command:

chmod u+x ~/.ssh/ssh-install-key

Enabling Passwordless authentication using “ssh-install-key”

Now each time you need to add a server, just run the following command:

~/.ssh/ssh-install-key [email protected]

It may ask for a password once. Just enter your password.

After this you can simply login using the following command, of course without any password.

ssh [email protected]

ssh-install-key is basically an “easy-to-use and remember” shortcut for command mentioned in step #3 above.