How to SSH without password
This simple tutorial explains how to SSH to a remote machine without typing your password. You can use this technique if you find yourself logging in to the same machine frequently and find typing your password tedious. It is also useful in scenarios when you have a script which needs to pull some files from a remote machine or perform a task on a remote machine via SSH, and you want to run this script automatically without having a human to type a password.
These instructions work on Linux and Mac. You can achieve the same result on Windows using Putty, but I haven’t documented the putty specific instructions here.
Goal: to login from local machine to Remote server via ssh without typing password
Step 1 of 2 : On local machine: Generate Authentication Keys
Authentication keys are a pair of private and public keys. The public key is [like] your login. Unlike a conventional login name, the public key is 2-3 lines long and looks like gibberish. Don’t worry, you never have to type it manually. Your private key is [like] your password, but much longer that a regular password. You can generate your public and private keys by typing the following command:
ssh-keygen -t rsa
Generating public/private rsa key pair. Enter file in which to save the key (/home/vineetmanohar/.ssh/id_rsa):
Accept the default choice. Hit enter.
Enter passphrase (empty for no passphrase): Enter same passphrase again:
Hit enter twice. A passphrase encrypts your private key so that no one can see it. However, you should NOT encrypt your private key if you want a password-less login.
The key fingerprint is: 5e:26:52:34:a1:22:18:68:11:11:7d:8d:c6:d5:4b:bf vineetmanohar@vineetmanohr.com
What just happened?
On your local server you just created 2 files in your ~/.ssh directory.
cd ~/.ssh ls -l
-rw------- 1 vineetmanohar vineetmanohar 1675 2009-07-17 17:27 id_rsa -rw-r--r-- 1 vineetmanohar vineetmanohar 411 2009-07-17 17:27 id_rsa.pub
id_rsa contains your private key. id_rsa.pub contains your public key.
Step 2 of 2 : On remote machine: authorize password less login
Login to remote machine
ssh hostname -l username
The authenticity of host 'vineetmanohar.com (XXX.XXX.XXX.XX)' can't be established. RSA key fingerprint is 44.2b:93:ce:1b:1b:99:3a:6d:91:d1:50:aa:0d:87:40. Are you sure you want to continue connecting (yes/no)?
Type yes and hit enter.
Warning: Permanently added 'vineetmanohar.com,XXX.XXX.XXX.XX' (RSA) to the list of known hosts. username@vineetmanohar.com's password:
Enter your password, and hit enter.
Create a .ssh directory on the remote machine and create a .authorized_keys file in that directory. You need to copy the entire contents of your local machine’s ‘id_rsa.pub’ and paste it in the .authorized_keys file on the remote server.
mkdir -p .ssh chmod 700 .ssh cd .ssh touch authorized_keys chmod 600 authorized_keys vi authorized_keys # copy-paste the entire contents of your local machine's ~/.ssh/id_rsa.pub file in authorized_keys # logout exit
Important: Make sure you have the right permissions for .ssh directory and authorized_keys file, as shown in chmod command above otherwise SSH will not honor your authorized_keys.
You should now be able to login to the remote server without typing your password.
# type this command from your local machine ssh hostname -l username
SSH should log you in without password! Now, you can also scp or rsync (over ssh) without having to enter your password.
Related posts:
Nice timing, I was just wondering if there was a way. You should add ‘scp’ as a keyword
You can try this tutorial at Arul’s website, its somewhat easier and I use it always.
The most common problem setting up the password free ssh is getting the permissions of .ssh directory and authorized_keys file right (see the last section above).
Mark, the tutorial that you are referring to above is simple, however it misses those important steps. I have personally wasted a lot of time debugging situations where ssh asked me for password because the permissions were wrong. Please make sure that the permissions on the remote server are correct to avoid unnecessary debugging.
useful and well organized.
I come across this while searching for a way to SSH without a pass between several SUSE stations which SHARE THE SAME $HOME. (the same mount point). Im using OpenSSH_4.2p1, OpenSSL 0.9.8a
Unfortunately this procedure failed to solve my issue (nor the one founded here: http://www.unix.com/sun-solaris/45763-ssh-shared-mount-point.html)
thanks
Hi Mircea, what error do you get?
Basically no errors but always prompted for the password.
Meanwhile (actually after 2 days of hitting my head on the wall) I have someone fixed this, I quote him: “The main fault was the home too open …. Rwxrwxrwx for home and for .ssh is considered tampered home and ssh will refuse to load .ssh/* files”
Remember to do the following on the server side:
chmod 700 ./ssh.
chmod 640 ./ssh/*
Thanks bro!
Worked a charm between macosx and linux
you saved my life, thanks a lot from Peru.
This was exactly my problem too ->
Basically no errors but always prompted for the password.
Meanwhile (actually after 2 days of hitting my head on the wall) I have someone fixed this, I quote him: “The main fault was the home too open …. Rwxrwxrwx for home and for .ssh is considered tampered home and ssh will refuse to load .ssh/* files”
I just chmod 755 root and it finally worked.
I was google on how to setting the SSH without key-in password. At last your tutorial gave successfully on my SSH testing. Thanks so much
Interesting, I have never ever been able to get this to work. No matter what I change the permissions to, or if I use rsa, or dsa. Forgive me for asking but does this not also depend on the the sshd config file on the server being set correctly, otherwise I don’t understand how it would work.
Works as advertise. Nice job.
Thanks Vineet,
It works for me!
Thanks for posting this. It’s a very clear and concise tutorial.
In “Create a .ssh directory on the remote machine and create a .authorized_keys file in that directory. You need to copy the entire contents of your local machine’s ‘id_rsa.pub’ and paste it in the .authorized_keys file on the remote server.” and “Important: Make sure you have the right permissions for .ssh directory and .authorized_keys file, as shown in chmod command above otherwise SSH will not honor your authorized_keys.”…did you mean to say “authorized_keys” and not “.authorized_keys?”
Thanks for the comment. Yes, I meant “authorized_keys” and not “.authorized_keys?”
If the system is hardened, will this still work?
What do you mean by “system is hardened”?