Tuesday, 13 May 2014

How To : Secure Shell (SSH) Password-less Login using SSH-Keygen


    Secure Shell (SSH), as the name suggests, is an open-source, secure and therefore widely used protocol for executing commands remotely on a Linux host, or for transferring files from one Linux host to another within a network using Secure Copy (SCP). Find more details about Secure Shell in our article, Secure Shell in Linux.

    In this article, we will see how to set up password-less login between two Linux systems so that files can be transferred between them with the same level of security and trust.

1. Create Private and Public Keys on Local Host (LinuxBox here)

    The first thing we need to do is generate the private and public keys; this is done using ssh-keygen. When the ssh-keygen -t rsa command is issued, it generates a pair of keys: 'id_rsa' (Private Key) and 'id_rsa.pub' (Public Key).

  • Public Key: As the name suggests, this key can be distributed to the public. People who have this public key can send you encrypted messages, and to decrypt those messages you will need your private key.
  • Private Key: It should not be shared with anybody else. If somebody gets your private key by any means, they will have all the privileges needed to decrypt the messages and access that sensitive data. Because the key in this walkthrough is created with an empty passphrase, possession of the id_rsa file alone is enough to log in to any host that trusts the matching public key.

mandar@LinuxBox:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mandar/.ssh/id_rsa): [ENTER]
Enter passphrase (empty for no passphrase): [ENTER]
Enter same passphrase again: [ENTER]
Created directory '/home/mandar/.ssh'.
Your identification has been saved in /home/mandar/.ssh/id_rsa.
Your public key has been saved in /home/mandar/.ssh/id_rsa.pub.
The key fingerprint is:
a2:44:f5:40:0f:1b:64:3d:1c:e3:c4:66:2d:94:39:db mandar@LinuxBox
The key's randomart image is:
+--[ RSA 2048]----+
| oO=== |
| o X%.. |
| . .o+* |
| . . E |
| . . S |
| . . . |
| . |
| |
| |
+-----------------+

2. Save the Public Key with Remote Host (RemoteBox here)

    Now, our aim is to copy the generated public key to the ~/.ssh/ directory of the remote host with the name authorized_keys. If this file is already present in the destination host, just append the key to the contents of the mentioned file. To achieve this, you can use any of the following methods:

Method 1. Using SCP
    Create a directory on the remote host with the name '.ssh'

mandar@LinuxBox:~$ ssh mandar@RemoteBox mkdir -p .ssh

The authenticity of host 'RemoteBox (' can't be established.
RSA key fingerprint is f6:73:69:26:bc:6a:59:e1:a7:0f:57:6e:19:42:34:2b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (RSA) to the list of known hosts.
mandar@RemoteBox's password: [Your Password Goes Here]
    Append the public key to the 'authorized_keys' file in the created directory.

mandar@LinuxBox:~$ cat .ssh/id_rsa.pub | ssh mandar@RemoteBox 'cat >> .ssh/authorized_keys'
mandar@RemoteBox's password: [Your Password Goes Here]
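
The two Method 1 commands above append the key blindly and leave file permissions at their defaults. The script below is an added example, not part of the original article: run on the remote host, it installs the key only if it is not already present, sets the modes sshd expects, and refuses a private key uploaded by mistake. `install_pubkey` and `mode_of` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original article). Run on the remote host.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    # Guard against uploading id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi

    # A public key line has the form: <type> <base64 blob> [comment]
    key_line=$(grep -E '^(ssh-|ecdsa-)[^ ]+ [A-Za-z0-9+/=]+' "$pubkey_file" | head -n 1)
    if [ -z "$key_line" ]; then
        echo "no public key found in $pubkey_file" >&2
        return 2
    fi

    # sshd's StrictModes check rejects authorized_keys when the directory
    # or the file is writable by other users, so set both modes explicitly.
    mkdir -p -m 700 "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    ( umask 077; touch "$auth_file" ) && chmod 600 "$auth_file" || return 1

    # Compare on "<type> <blob>" only, so a changed comment is not a new key.
    key_id=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)
    if grep -qF -- "$key_id" "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "key added to $auth_file"
}

# Prints the type and permission bits of a path, e.g. drwx------ or -rw-------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Run only when called with arguments, e.g.: sh install_pubkey.sh id_rsa.pub
if [ "$#" -ge 1 ]; then
    install_pubkey "$@"
fi
```
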

Method 2. Using ssh-copy-id

mandar@LinuxBox:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub RemoteBox
mandar@RemoteBox's password:

3. Login to the Remote Host

mandar@LinuxBox:~$ ssh RemoteBox
Last login: Mon May 12 21:18:47 2014 from

It didn't ask for any password this time => JOB DONE!!

