ssh access without password is a time saver and a must for automated scripts to copy files and transfer data across different servers. Setting us password less access can be tricky but you should be able to configure it using examples in this article.
How to configure password less ssh & sftp access in Unix & Linux systems? Follow these simple steps with examples with a basic troubleshooting section at the end. sftp uses underlying ssh access for authentication and after you establish password less ssh access you will have password less sftp access a s well.
This a real life example of configuring password less access for two users . The user ‘web’ in this case needs a secure password less access to another user james in a server ‘devserver’
.
How to do ssh without password & sftp without password
Follow the Steps to configure secure password less access
To begin, Lets check the current ssh & sftp connectivity status for james@devserver from localhost
[web@localhost ~]$ ssh james@devserver
james@devserver’s password:
[web@localhost ~]$ sftp james@devserver
james@devserver’s password:
As expected it prompted for password
1. Generate the public key private key pair
Generate the public key private key pair for the local host as following, Press enter for default file names and no
pass phrase options. The command here generates RSA type keys.
You can run the command ssh-keygen from any directory but the id files will be generated in .ssh dir of user’s home directory.
[web@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/web/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/web/.ssh/id_rsa.
Your public key has been saved in /home/web/.ssh/id_rsa.pub.
The key fingerprint is:
5e:30:d3:1a:00:c5:0b:29:96:ac:3e:42:20:dc:af:38 web@localhost.localdomain
2. Change directory to .ssh directory of user .
You will see two files starting with id_rsa. id_rsa is the private key and id_rsa.pub is public key. Check the date time stamp of these files to make sure these are the ones you generated recently.
[web@localhost ~]$ cd /home/web/.ssh
.ssh[web@localhost .ssh]$ ls -la
total 32
drwx—— 2 web web 4096 Dec 7 22:05 .
drwx—— 34 web web 12288 Dec 7 22:04 ..
-rw——- 1 web web 1675 Dec 7 22:05 id_rsa
-rw-r–r– 1 web web 407 Dec 7 22:05 id_rsa.pub
-rw-r–r– 1 web web 391 Dec 7 22:03 known_hosts
Check the date to be sure of current generated files.
3. Copy the rsa public key to the remote host
Copy the public key file from above example to .ssh of the user home directory and if .ssh directory is not there , create it as in the example below. You need to enter sftp/ssh password as passwordless access is not setup yet..
/.ssh[web@localhost .ssh]$ sftp james@devserver
Connecting to devserver…
james@devserver’s password:
sftp> pwd
Remote working directory: /home/james
sftp> cd .ssh
Couldn’t canonicalise: No such file or directory
sftp> mkdir .ssh
sftp> cd .ssh
sftp> put id_rsa.pub
Uploading id_rsa.pub to /home/james/.ssh/id_rsa.pub
id_rsa.pub 0% 0 0.0KB/s –:– ETAid_rsa.pub 100% 407 0.4KB/s 00:00
sftp>
4. login to the remote host with password
Once file is copied over , login to the remote host using ssh and password and go to .ssh directory under user home directory.
/.ssh[web@localhost .ssh]$ ssh james@devserver
james@devserver’s password:james@devserver:~[james@devserver ~]$ cd .ssh
james@devserver:~/.ssh[james@devserver .ssh]$ pwd
/home/james/.sshjames@devserver:~/.ssh[james@devserver .ssh]$ ls -l
total 4
-rw-r–r– 1 james james 407 Dec 7 22:06 id_rsa.pub
5. Rename the public key file, id_rsa.pub, to authorized_keys ;
Rename or append to file corresponding to the ssh protocol version in your system , User ssh -V to find out the ssh version
SSH protocols 1.3 and 1.5 uses file name as authorized_keys
SSH protocol 2.0 uses file name as authorized_keys2
if the authorized_keys file already exists then append the new keys to the existing file using,
cat id_rsa.pub >> authorized_keys .
Don’t use vi or editor to open , append and save these key files as any extra character/newline would corrupt these files.james@devserver:~/.ssh[james@devserver .ssh]$ mv id_rsa.pub authorized_keys
You can see the contents using cat command
james@devserver:~/.ssh[james@devserver .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArVWhE0L2FXNvmggZgqmGU
LVrcE4X7WQr6scSuU5FCQUsXzYjyOL8FbUIIkBeLLMIrV7mYa+
xuszHcvnAho/42/e4r5by8LVMyh0AAo7nketemkO/2ZiUXZhww7tySxgcI5U5L5PDmTCyF7vxLlJ0rGb7Ky//DtpKrBui5P4gIrKBeiA2TlbEL9UrQZ8HgTU3iSGtfUXH0O
26iLSWi6Tf40hEazvvVYESHPSBjUPIMqUGabtz1kKMDQB5x
C+F2MZ4lUCmgK2NexrhVWOrp7ODS1GlKsjSv6NSxOIVW0je
V00ZW9Fvgz865g+fakBITqYP76ptPIVXEps+91ABRSwggQ== web@localhost.localdomain
6. Change the key file and directory permissions
ssh is very sensitive to permissions so you have to change the key file and directory permissions exactly as required for it to work.
6a. Change authorized_keys to 600 permissions
james@devserver:~/.ssh[james@devserver .ssh]$ chmod 600 authorized_keys
james@devserver:~/.ssh[james@devserver .ssh]$ ls -ltr
total 8
-rw-r–r– 1 james james 407 Dec 7 22:06 id_rsa.pub
-rw——- 1 james james 407 Dec 7 22:08 authorized_keysjames@devserver:~/.ssh[james@devserver .ssh]$ cd ..
6b. Change .ssh directory to 700 permission
james@devserver:~[james@devserver ~]$ chmod 700 .ssh
6c. Verify permissions and log out .
james@devserver:~[james@devserver ~]$ logout
Connection to localhost closed.
7. Moment of truth : Try a ssh or sftp
/.ssh[web@localhost .ssh]$ ssh james@devserver
Last login: Tue Dec 7 22:07:04 2010 from localhost.localdomain
james@devserver:~[james@devserver ~]$ pwd
/home/james
/.ssh[web@localhost .ssh]$ sftp james@devserver
sftp>
8. Troubleshooting ssh/sftp access
If you are still getting password prompt, The most common problems can be
- Incorrect permission for .ssh directory and authorized_keys / authorized_keys2 file
- Corrupt key file, regenerate and copy again.
- Space,character or line inserted or truncated during appending to existing file. Don’t copy keys manually but do a cat new_keys >> authorized_keys ; For new files copy the file and rename , don’t manually copy paste contents.
Worked exactly as outlined. Thank you.
Nice and detailed. One quick comment. The above is how I did this for years and years. Then one time I had an issue with it not working. I had two hosts A and B and I wanted to configure them to ssh to each other. It worked one way, but not the other. And I would erase my files and restart from scratch repeatedly thinking a few extra characters got in there somehow and it still wouldn’t work.
Finally I looked it up and there is a linux command “ssh-copy-id” that does the work for you much better than manual copying and that’s what ended up working for me (who said a salty old sysadmin cant’ learn new tricks?). Wrote about it here:
http://geekswing.com/geek/unix/how-to-ssh-login-without-a-password-using-ssh-keygen-quick-tutorial/
Well to be honest i didn’t even know that i could config ssh without a password and i’ve been using linux for over 3 years (lol). Thanks for taking your time to write about this, and I hope that more articles will come.
Wow, so useful! Thanks.
hi thanks for the detailed report,but after doing all these,I was asked for password,
even I tried the command sftp -o PasswordAuthentication=”no” username @remote server.
Command failed saying permissiondenied(password)
please help if you can.
thank you~ this works. so great!
Perfect and to the point
Hi,
The content is very clear and understandable.
Thank you for this article.
Thanks,
K.Visuwa Bharathi
ssh-copy-id is your friend..
If you needed further debug during sftp session, you may see if the RSA private key is being used for access, please type “sftp -vvv @”
as the -v or -vv or -vvv or -vvvv will tell you the details of every process it does, it will help to debug if you encountered error.
Also – one may need to use the ssh-add command, per:
http://unix.stackexchange.com/questions/12195/how-to-avoid-being-asked-passphrase-each-time-i-push-to-bitbucket
eval $(ssh-agent)
ssh-add
Greate Article, Thanks for Posting it
I have followed exact steps as mentioned above, but still its prompt me for sftp ..here you see:
sftp root@10.10.40.35
Connecting to 10.10.40.35…
Password:
moreover,checked “authorized_keys”. And don’t see any space/line between the texts
may I ask someone to help me urgently..as i have a deadline to complete this task.
[root@redhat1 .ssh]# ssh root@192.168.1.182
Last login: Fri Jul 21 14:43:15 2017 from redhat2
unknown terminal “xterm-256color”
unknown terminal “xterm-256color”
[root@redhat2 root]#
Works both ways:
redhat1 -> redhat2 , redhat2 -> redhat1
Greate Article, Thanks for Posting it
You forgot to mention that the “PubkeyAuthentication” parameter in the sshd_config file needs to be set to “yes” otherwise this will never work.
The redefines the word “simple” for me.
Hello,
Thank you so much for the complete explanation of method however I am still not able to fix my passwordless access here. When I am trying to send file the file fro m one server to another it is prompting for password. Kindly help me if you have any troubleshooting solution on this.
Dear Team
After doing this setup . We have do any parameter settings in sshd_config file
Like below
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no