SSH Passwordless Login – CentOS 7 / RHEL 7
SSH is a client-server protocol that lets us access a remote system over the network through an encrypted tunnel. Whenever the client accesses the server, the client downloads the secure key from the server and, at the same time, the server downloads the key from the client. Those two keys make up the encrypted tunnel between the server and the client, so data is transferred securely over the network.
SSH is widely used as an alternative to FTP. As you know, anything that uses a TCP network asks for a password to collect data. SSH is also a TCP service, and it requires a password to access the remote machine. If the organization has a large number of servers, the admin has to enter the password every time to access a remote system. It is a pain to enter the password multiple times; SSH comes with a new feature called passwordless login that helps to access the remote machine without entering the password.
To enable passwordless login, we have to put the client's public key entry, which carries the client host name and user detail, on the remote server. That key entry goes in the file ~/.ssh/authorized_keys (~ = home directory of the user) of your remote user.
Follow the steps below to set up passwordless login. Here we have two machines with two different usernames.
Machine 1 :
IP address: 192.168.12.6
Machine 2 :
IP address: 192.168.12.8
Here I will be using hostnames instead of IP addresses; you can replace them with the real IP addresses. I have logged in as raj on server.example.com; create a pair of keys using the following command.
[raj@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/raj/.ssh/id_rsa):
Created directory '/home/raj/.ssh'.
Enter passphrase (empty for no passphrase):    <-- Press Enter
Enter same passphrase again:    <-- Press Enter
Your identification has been saved in /home/raj/.ssh/id_rsa.
Your public key has been saved in /home/raj/.ssh/id_rsa.pub.
Once you have created the keys, you will find two files inside the .ssh directory: id_rsa and id_rsa.pub. We are going to use id_rsa.pub as the base file.
[raj@server ~]$ ll ~/.ssh/
total 8
-rw-------. 1 raj raj 1675 Nov 25 10:43 id_rsa
-rw-r--r--. 1 raj raj  404 Nov 25 10:43 id_rsa.pub
Use the ssh-copy-id command with id_rsa.pub as the input file; it creates ~/.ssh/authorized_keys if not present, otherwise it would replace the key. The key contains the information about the host and user name.
[raj@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub email@example.com
The authenticity of host 'client.itzgeek.com (192.168.12.6)' can't be established.
ECDSA key fingerprint is a1:cb:88:60:46:16:fd:d3:93:31:4b:5f:94:5e:78:f8.
Are you sure you want to continue connecting (yes/no)? yes    <-- Type Yes and Enter
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
firstname.lastname@example.org's password:    <-- Enter password of ram (client machine user)

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'email@example.com'"
and check to make sure that only the key(s) you wanted were added.
Now access the remote machine using SSH. It will take you directly to the shell without asking for a password.
[raj@server ~]$ ssh firstname.lastname@example.org
[ram@client ~]$
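The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. The script below is an added example, not part of the original article: it lists every entry of an authorized_keys file with its fingerprint in the colon-separated MD5 form shown in the output above, and reports the file or its directory when they are group- or world-writable. The function names and the sample entries (ed25519 for brevity, not real keys) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Uses base64, md5sum and find.

# Print one tab-separated row per key: line, type, fingerprint, options, comment.
list_authorized_keys() (
    file=$1; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac      # skip blank lines and comments
        set -f; set -- $line; set +f                 # split on whitespace, no globbing
        opts=
        while [ $# -gt 0 ]; do                       # fields before the key type are options
            case $1 in
                ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*|sk-*) break ;;
                *) opts="${opts:+$opts }$1"; shift ;;
            esac
        done
        if [ $# -lt 2 ] || ! printf '%s' "$2" | base64 -d >/dev/null 2>&1; then
            printf '%s\tUNPARSEABLE\n' "$n"; continue
        fi
        type=$1; blob=$2; shift 2; comment=$*
        # Fingerprint: MD5 of the decoded key blob, as colon-separated hex.
        fp=$(printf '%s' "$blob" | base64 -d | md5sum | cut -d' ' -f1 |
             sed 's/../&:/g; s/:$//')
        printf '%s\t%s\t%s\t%s\t%s\n' "$n" "$type" "$fp" "${opts:--}" "${comment:--}"
    done < "$file"
)

# Print the file and/or its directory if group- or world-writable; sshd's
# StrictModes check (default: yes) refuses to use authorized_keys in that case.
loose_modes() (
    find "$1" "$(dirname "$1")" -prune \( -perm -020 -o -perm -002 \) -print
)

# Constructed sample file: one plain entry and one restricted with options.
sample=$(mktemp -d)/authorized_keys
cat > "$sample" <<'EOF'
# constructed entries, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEkeyEXAMPLEkeyEXAMPLEkeyEXAMPLEkey123 raj@server
from="192.168.12.8",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDconstructedCONSTRUCTEDconstructe batch@server
EOF
list_authorized_keys "$sample"
loose_modes "$sample"
```

On the remote machine, call `list_authorized_keys ~/.ssh/authorized_keys` and compare each fingerprint with the one `ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub` prints on the client (older OpenSSH releases print the MD5 form without `-E md5`).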
That’s all. Passwordless login saves the system admin time and energy.