ssh Without Password in Few Simple Steps

SSH access without a password is a time saver and a must for automated scripts that copy files and transfer data across different servers. Setting up passwordless access can be tricky, but you should be able to configure it using the examples in this article.

How do you configure passwordless ssh and sftp access on Unix and Linux systems? Follow these simple steps, with examples and a basic troubleshooting section at the end. sftp uses the underlying ssh access for authentication, so once you establish passwordless ssh access you will have passwordless sftp access as well.

This is a real-life example of configuring passwordless access between two users. The user ‘web’ in this case needs secure passwordless access to another user, james, on the server ‘devserver’.

How to do ssh without password & sftp without password

Follow the steps to configure secure passwordless access

To begin, let’s check the current ssh and sftp connectivity status for james@devserver from localhost:

[web@localhost ~]$ ssh james@devserver
james@devserver's password:
[web@localhost ~]$ sftp james@devserver
james@devserver's password:

As expected, it prompted for a password.

1. Generate the public key private key pair

Generate the public/private key pair on the local host as follows. Press Enter to accept the default file names and the no-passphrase option; an empty passphrase leaves the private key unencrypted on disk, which is what lets scripts use it without a prompt. The command here generates RSA type keys.
You can run the command ssh-keygen from any directory, but the id files will be generated in the .ssh directory of the user’s home directory.

[web@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/web/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/web/.ssh/id_rsa.
Your public key has been saved in /home/web/.ssh/id_rsa.pub.
The key fingerprint is:
5e:30:d3:1a:00:c5:0b:29:96:ac:3e:42:20:dc:af:38 web@localhost.localdomain

2. Change directory to the .ssh directory of the user

You will see two files starting with id_rsa. id_rsa is the private key and id_rsa.pub is public key. Check the date time stamp of these files to make sure these are the ones you generated recently.

[web@localhost ~]$ cd /home/web/.ssh

[web@localhost .ssh]$ ls -la
total 32
drwx------ 2 web web 4096 Dec 7 22:05 .
drwx------ 34 web web 12288 Dec 7 22:04 ..
-rw------- 1 web web 1675 Dec 7 22:05 id_rsa
-rw-r--r-- 1 web web 407 Dec 7 22:05 id_rsa.pub
-rw-r--r-- 1 web web 391 Dec 7 22:03 known_hosts

Check the dates to be sure these are the currently generated files.

3. Copy the rsa public key to the remote host

Copy the public key file from the above example to the .ssh directory under the remote user’s home directory; if the .ssh directory is not there, create it as in the example below. You need to enter the sftp/ssh password, as passwordless access is not set up yet.

[web@localhost .ssh]$ sftp james@devserver
Connecting to devserver...
james@devserver's password:
sftp> pwd
Remote working directory: /home/james
sftp> cd .ssh
Couldn't canonicalise: No such file or directory
sftp> mkdir .ssh
sftp> cd .ssh
sftp> put id_rsa.pub
Uploading id_rsa.pub to /home/james/.ssh/id_rsa.pub
id_rsa.pub 100% 407 0.4KB/s 00:00
sftp>

4. Log in to the remote host with password

Once the file is copied over, log in to the remote host using ssh and the password, and go to the .ssh directory under the user’s home directory.

[web@localhost .ssh]$ ssh james@devserver
james@devserver's password:

[james@devserver ~]$ cd .ssh
[james@devserver .ssh]$ pwd
/home/james/.ssh

[james@devserver .ssh]$ ls -l
total 4
-rw-r--r-- 1 james james 407 Dec 7 22:06 id_rsa.pub

5. Rename the public key file, id_rsa.pub, to authorized_keys

Rename or append to the file corresponding to the ssh protocol version on your system. Use ssh -V to find out the ssh version.

SSH protocols 1.3 and 1.5 use the file name authorized_keys
SSH protocol 2.0 uses the file name authorized_keys2

If the authorized_keys file already exists, append the new key to the existing file using:

cat id_rsa.pub >> authorized_keys

Don’t use vi or another editor to open, append to and save these key files, as any extra character or newline would corrupt them.

[james@devserver .ssh]$ mv id_rsa.pub authorized_keys

You can see the contents using the cat command:
[james@devserver .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArVWhE0L2FXNvmggZgqmGU
LVrcE4X7WQr6scSuU5FCQUsXzYjyOL8FbUIIkBeLLMIrV7mYa+
xuszHcvnAho/42/e4r5by8LVMyh0AAo7nketemkO/2ZiUXZhww7tySxgcI5U5L5PDmTCyF7vxLlJ0rGb7Ky//DtpKrBui5P4gIrKBeiA2TlbEL9UrQZ8HgTU3iSGtfUXH0O
26iLSWi6Tf40hEazvvVYESHPSBjUPIMqUGabtz1kKMDQB5x
C+F2MZ4lUCmgK2NexrhVWOrp7ODS1GlKsjSv6NSxOIVW0je
V00ZW9Fvgz865g+fakBITqYP76ptPIVXEps+91ABRSwggQ== web@localhost.localdomain

6. Change the key file and directory permissions

ssh is very sensitive to permissions so you have to change the key file and directory permissions exactly as required for it to work.

6a. Change authorized_keys to 600 permissions

[james@devserver .ssh]$ chmod 600 authorized_keys
[james@devserver .ssh]$ ls -ltr
total 8
-rw-r--r-- 1 james james 407 Dec 7 22:06 id_rsa.pub
-rw------- 1 james james 407 Dec 7 22:08 authorized_keys

[james@devserver .ssh]$ cd ..

6b. Change .ssh directory to 700 permission

[james@devserver ~]$ chmod 700 .ssh

6c. Verify permissions and log out.

[james@devserver ~]$ logout
Connection to localhost closed.

7. Moment of truth: try ssh or sftp

[web@localhost .ssh]$ ssh james@devserver
Last login: Tue Dec 7 22:07:04 2010 from localhost.localdomain
[james@devserver ~]$ pwd
/home/james
[web@localhost .ssh]$ sftp james@devserver
sftp>
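
Steps 3 to 6 can be collapsed into one re-runnable function that runs on the remote side. This is an added example, not part of the original article; it appends instead of renaming, so keys already in the file survive. install_key is a hypothetical helper name, the key in the demo is a constructed placeholder, and the file name authorized_keys follows the mv command in step 5.

```shell
#!/bin/sh
# Added example, not from the original article. install_key is a hypothetical
# helper that performs steps 3-6 on the remote side in one re-runnable pass.

# install_key HOME_DIR < public_key_file
install_key() (
    sshdir=$1/.ssh
    auth=$sshdir/authorized_keys
    IFS= read -r key || [ -n "$key" ] || { echo "no key on stdin" >&2; exit 1; }
    # Accept only a one-line public key; this also rejects a private key file
    # (id_rsa instead of id_rsa.pub), which starts with "-----BEGIN".
    case $key in
        ssh-rsa\ AAAA* | ssh-ed25519\ AAAA* | ecdsa-sha2-*\ AAAA*) ;;
        *) echo "input is not a public key line" >&2; exit 1 ;;
    esac
    umask 077                              # anything created is owner-only
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Already installed? Then leave the file untouched.
    grep -qxF -e "$key" "$auth" && exit 0
    # If the last entry has no trailing newline, add one first; otherwise the
    # new key would be glued onto it and corrupt both entries.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    printf '%s\n' "$key" >> "$auth"
)

# Demo against a scratch directory with a constructed (not real) key.
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEASAMPLEkeyNOTreal web@localhost" |
    install_key "$demo" && ls -la "$demo/.ssh"
rm -rf "$demo"
```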

8. Troubleshooting ssh/sftp access

If you are still getting a password prompt, the most common problems are:

  1. Incorrect permissions on the .ssh directory or the authorized_keys / authorized_keys2 file.
  2. Corrupt key file; regenerate and copy it again.
  3. A space, character or line inserted or truncated while appending to an existing file. Don’t copy keys manually; use cat new_keys >> authorized_keys instead. For new files, copy the file and rename it; don’t manually copy and paste the contents.
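
The troubleshooting items above can be checked mechanically. This added example (not from the original article) compares the modes against steps 6a and 6b and flags entries that were wrapped or truncated. audit_ssh_dir, mode_of and make_sample are hypothetical names, the sample key is constructed, and entries are assumed to carry no leading options field.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes plain
# "type base64 comment" entries with no leading options field.
mode_of() { ls -ld "$1" | cut -c1-10; }   # mode string as ls -l prints it

# audit_ssh_dir DIR: print one finding per line; status 0 only when clean.
audit_ssh_dir() {
    dir=$1 file=$1/authorized_keys bad=0 n=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }
    [ "$(mode_of "$dir")" = "drwx------" ] ||
        { echo "PERM $dir: expected 700"; bad=$((bad + 1)); }
    [ "$(mode_of "$file")" = "-rw-------" ] ||
        { echo "PERM $file: expected 600"; bad=$((bad + 1)); }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in '' | '#'*) continue ;; esac   # ignored by sshd
        set -f; set -- $line; set +f                # split fields, no globbing
        type=${1:-} blob=${2:-}
        case $type in
            ssh-rsa | ssh-dss | ssh-ed25519 | ecdsa-sha2-*) ;;
            *)  echo "KEY line $n: no key type at start (wrapped line?)"
                bad=$((bad + 1)); continue ;;
        esac
        case $blob in
            '' | *[!A-Za-z0-9+/=]*)
                echo "KEY line $n: key data missing or not base64"
                bad=$((bad + 1)); continue ;;
        esac
        if [ $((${#blob} % 4)) -ne 0 ]; then
            echo "KEY line $n: key data length ${#blob} is not a multiple of 4 (truncated?)"
            bad=$((bad + 1))
        elif [ "$type" = ssh-rsa ] && [ "${blob#AAAAB3NzaC1yc2E}" = "$blob" ]; then
            echo "KEY line $n: key data does not begin like an ssh-rsa key"
            bad=$((bad + 1))
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
}

# make_sample DIR: constructed (not real) key file, second entry wrapped, mode 644.
make_sample() {
    k=AAAAB3NzaC1yc2EAAAABIwAAAQEASAMPLEkeyNOTreal
    chmod 700 "$1"
    printf '%s\n' "ssh-rsa $k web@localhost" \
        "ssh-rsa ${k%eyNOTreal}" "eyNOTreal web@localhost" > "$1/authorized_keys"
    chmod 644 "$1/authorized_keys"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_ssh_dir "$tmp"; rm -rf "$tmp"
```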

19 Comments

  1. Pascal

    Worked exactly as outlined. Thank you.

  2. ben

    Nice and detailed. One quick comment. The above is how I did this for years and years. Then one time I had an issue with it not working. I had two hosts A and B and I wanted to configure them to ssh to each other. It worked one way, but not the other. And I would erase my files and restart from scratch repeatedly thinking a few extra characters got in there somehow and it still wouldn’t work.

    Finally I looked it up and there is a linux command “ssh-copy-id” that does the work for you much better than manual copying and that’s what ended up working for me (who said a salty old sysadmin can’t learn new tricks?). Wrote about it here:

    http://geekswing.com/geek/unix/how-to-ssh-login-without-a-password-using-ssh-keygen-quick-tutorial/

  3. Well to be honest I didn’t even know that I could config ssh without a password and I’ve been using linux for over 3 years (lol). Thanks for taking your time to write about this, and I hope that more articles will come.

  4. shanmuk

    Hi, thanks for the detailed report, but after doing all these, I was asked for password,

    even I tried the command sftp -o PasswordAuthentication=”no” username @remote server.

    Command failed saying permissiondenied(password)

    please help if you can.

  5. ryo wang

    thank you~ this works. so great!

  6. bitterandstout

    ssh-copy-id is your friend..

  7. dinoideas

    If you needed further debug during sftp session, you may see if the RSA private key is being used for access, please type “sftp -vvv @”

    as the -v or -vv or -vvv or -vvvv will tell you the details of every process it does, it will help to debug if you encountered error.

  8. Asif

    Great Article, Thanks for Posting it

  9. satyajit

    I have followed the exact steps as mentioned above, but it still prompts me for sftp. Here you see:
    sftp root@10.10.40.35
    Connecting to 10.10.40.35...
    Password:

    Moreover, checked “authorized_keys” and don’t see any space/line between the texts.

    May I ask someone to help me urgently, as I have a deadline to complete this task.

    • [root@redhat1 .ssh]# ssh root@192.168.1.182
      Last login: Fri Jul 21 14:43:15 2017 from redhat2
      unknown terminal "xterm-256color"
      unknown terminal "xterm-256color"
      [root@redhat2 root]#

      Works both ways:
      redhat1 -> redhat2 , redhat2 -> redhat1

  10. parkwayma

    Great Article, Thanks for Posting it

  11. Claude

    You forgot to mention that the “PubkeyAuthentication” parameter in the sshd_config file needs to be set to “yes” otherwise this will never work.

  12. GerogeJones

    This redefines the word “simple” for me.

  13. vaibhavi

    Hello,

    Thank you so much for the complete explanation of the method; however, I am still not able to fix my passwordless access here. When I am trying to send the file from one server to another it is prompting for password. Kindly help me if you have any troubleshooting solution on this.

  14. Kalyan

    Dear Team

    After doing this setup. We have do any parameter settings in sshd_config file
    Like below

    RSAAuthentication yes
    PubkeyAuthentication yes
    PasswordAuthentication no
