This post explains how to set up SSH passwordless login on Linux, using keys to connect to remote Linux servers without entering a password. It applies to RHEL-based distributions such as CentOS, Fedora, Rocky Linux, and AlmaLinux, and to Debian-based distributions such as Ubuntu and Mint.
Introduction
SSH is one of the best tools for tasks such as remote server access and management, file synchronization, and automated backups. SSH passwordless login uses asymmetric cryptography: a pair of public and private keys is used for authentication. The server holds the public key, and only clients that hold the matching private key can establish a connection. Whether or not SSH keys are used, SSH still has some issues, such as:
- New credentials (passwords or keys) must be made and old ones discarded when employees come and go.
- Rotating credentials is a necessary yet time-consuming procedure that is frequently neglected.
- Access auditing can be difficult. Communication that is encased in an SSH tunnel is more secure, but it is also more challenging to monitor and manage.
Pre-requisite
In this example, we will configure automatic SSH passwordless login between two Linux nodes. You are free to use any Linux flavor; I will use Rocky Linux based server nodes. If you need help installing the OS, please follow How to Install Rocky Linux.
- Server 192.168.255.126 (Node A) with user “labadmin”
- Server 192.168.255.129 (Node B) with user “labuser”
SSH Passwordless Setup
Let us now proceed with the SSH setup between the two nodes above by following these steps.
Creating keys on Node A
Log in to the server 192.168.255.126 (Node A) as the user “labadmin” and run the command below to generate a public/private key pair:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/labadmin/.ssh/id_rsa): [Press enter key]
Created directory '/home/labadmin/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/labadmin/.ssh/id_rsa.
Your public key has been saved in /home/labadmin/.ssh/id_rsa.pub.
The key fingerprint is:
5g:ae:30:00:8b:d1:9b:98:b3:b0:f8:08:99:c4:ed:d3 labadmin@linuxquery.org
The key's randomart image is:
+--[ RSA 2048]----+
| ..oooE.++|
| o. o.o |
| .. . |
| o . . o|
| S . . + |
| . . . o|
| . o o ..|
| + + |
| +. |
+-----------------+
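With the initial step of setting up SSH passwordless login using ssh-keygen completed, you now have two files:
- id_rsa contains the private key. Because no passphrase was entered, it is stored unencrypted, so it must stay readable only by labadmin.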
- id_rsa.pub contains the public key.
Uploading the key to Node B
Log in to Node A (192.168.255.126) and copy the public key (id_rsa.pub) generated by the above command to Node B (192.168.255.129), into the file named authorized_keys under labuser’s SSH directory, /home/labuser/.ssh. You can achieve this using the command below:
$ ssh-copy-id labuser@192.168.255.129
Connect to Node B and make sure that the correct permissions are set on the ~/.ssh/ directory and the ~/.ssh/authorized_keys file:
$ ssh labuser@192.168.255.129 "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"
Testing the passwordless Login from Node A
Log in to Node A (192.168.255.126) as the “labadmin” user and connect to Node B (192.168.255.129) as the “labuser” user. It should not prompt for a password; you will be logged in to Node B using the SSH key.
$ ssh labuser@192.168.255.129
Last login: Jan 10 14:09:33 2024 from 192.168.255.126
$
You can verify that you are logged in to Node B by checking the IP address and username with the two commands below:
$ hostname --ip-address
192.168.255.129
$ whoami
labuser
Optional Step: Disable Password-Based Login
For enhanced security, you can restrict the remote server to SSH key authentication only by disabling password authentication. To do this, open the SSH server configuration file on the remote server (Node B):
$ sudo vi /etc/ssh/sshd_config
Move to the PasswordAuthentication line and set it to no:
PasswordAuthentication no
Save the file and exit, then restart the SSH service:
$ sudo systemctl restart sshd
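sshd uses the first value it obtains for each keyword, so a PasswordAuthentication line in a file pulled in by an earlier Include directive takes precedence over the one edited in sshd_config. The script below is an added example, not part of the original post: it works out the effective global value from a constructed sample config tree and checks the 700/600 modes set earlier in this guide. The function names and sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide; all sample files are constructed.

# Print each global PasswordAuthentication value in the order sshd reads it,
# following Include lines. Simplification: stops at the first Match line.
scan_config() {
    while read -r key arg rest; do
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
            include) for f in $arg; do          # unquoted so the glob expands
                         if [ -f "$f" ]; then scan_config "$f"; fi
                     done ;;
            passwordauthentication) printf '%s\n' "$arg" ;;
            match) break ;;
        esac
    done < "$1"
    return 0
}

# sshd keeps the first value it obtains; the default is "yes" when unset.
effective_password_auth() {
    val=$(scan_config "$1" | head -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-yes}"
}

# Succeeds only if DIR is mode 700 and DIR/authorized_keys is mode 600.
ssh_perms_ok() {
    dir_mode=$(ls -ld "$1" | cut -c1-10)
    key_mode=$(ls -l "$1/authorized_keys" | cut -c1-10)
    [ "$dir_mode" = "drwx------" ] && [ "$key_mode" = "-rw-------" ]
}

# Constructed tree: the main file says "no", a drop-in included first says "yes".
make_sample() {
    mkdir -p "$1/sshd_config.d" "$1/home/.ssh"
    echo 'PasswordAuthentication yes' > "$1/sshd_config.d/50-sample.conf"
    printf 'Include %s/sshd_config.d/*.conf\n#PasswordAuthentication yes\nPasswordAuthentication no\n' \
        "$1" > "$1/sshd_config"
    : > "$1/home/.ssh/authorized_keys"
    chmod 700 "$1/home/.ssh"
    chmod 600 "$1/home/.ssh/authorized_keys"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "effective PasswordAuthentication: $(effective_password_auth "$tmp/sshd_config")"
if ssh_perms_ok "$tmp/home/.ssh"; then echo "key file modes: ok"; fi
rm -rf "$tmp"
```

On the real server, `sudo sshd -t` validates the configuration before the restart and `sudo sshd -T` prints the settings sshd actually applies, which is the authoritative check.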
Conclusion
This article has shown you how to use an SSH key to set up SSH passwordless login. Using SSH key pairs is just one method of automating password-free authentication. On a network with centralized user management, Generic Security Services Application Program Interface (GSSAPI) authentication is also commonly used to minimize the need for passwords. Implementing SSH key pairs is a simpler approach in cases where single sign-on (SSO) is not yet available. SSH keys are required to gain access to many source code repositories.