Passwordless SSH key-based authentication in 60 seconds on CentOS Linux

1. What is key-based, passwordless SSH authentication?

Setting up SSH keys for passwordless authentication is a preferred, quick and painless authentication mechanism on CentOS Linux, and many other SSH based systems. It also allows you to set up automated tasks, such as copying backups to another server, without having to enter a password.

2. Configuring key-based, passwordless SSH authentication

In this scenario, we have two servers: demo1.centosblog.com and demo2.centosblog.com. We want to grant passwordless, key-based authentication from the root user on demo1.centosblog.com to the root user on demo2.centosblog.com

a) Assuming these keys do not exist yet, we generate our public and private key pair on demo1.centosblog.com:

{ Note – we do not provide a password when generating these keys, as we want to keep authentication passwordless, we also accept the default location to save the keys. }

ssh-keygen -t dsa

Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
<snipped> root@demo1.centosblog.com
The key's randomart image is:
+--[ DSA 1024]----+
<snipped>
+-----------------+

As you can see, the above command has generated two files, /root/.ssh/id_dsa and  /root/.ssh/id_dsa.pub – always keep the id_dsa file safe – this is your private key!

b) Now that our SSH keypair has been generated, we can quickly copy our public key file to demo2.centosblog.com with the following command:

ssh-copy-id -i /root/.ssh/id_dsa.pub root@demo2.centosblog.com

Now try logging into the machine, with “ssh ‘root@demo2.centosblog.com'”, and check in:

~/.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

c) And with that, you should now be able to ssh from the root user on demo1.centosblog.com to the root user on demo2.centosblog.com without having to enter any password!

Scan to Donate Bitcoin
Like this? Donate Bitcoin to at:
Bitcoin 13KzxfEoFPzt5ccoQvSkUEytTgQV8JN5ej
Donate
Share This Post

About Author: Curtis K

Hi! My name is Curtis, and I am the creator of CentOS Blog. Please feel free to comment any suggestions, feedback or questions on my posts!

  • Binh Thanh Nguyen

    Thanks, nice tips