SSH, which stands for Secure Shell, is a widely used and reliable program for securely executing commands remotely on Linux systems. SCP, used for secure file transfers, is also based on the SSH security protocol.
When you have many servers, frequently typing passwords can be quite troublesome. So, how can you log in without a password while maintaining security? Of course, it’s possible. Here, we’ll outline five steps to achieve passwordless login for Linux servers such as RHEL/CentOS 7.x/6.x/5.x and Fedora.
Let’s look at the environment:
SSH Client : 192.168.1.12 ( Mac )
SSH Remote Host : 192.168.1.11 ( CentOS 7 )
This article will demonstrate passwordless login from a Mac to a remote CentOS 7 server.
1. Generate SSH-Keygen Key Pair on Your Local Mac
First, use the following command in your Mac terminal to generate a key pair:
➜ Desktop ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/yourname/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/yourname/.ssh/id_rsa.
Your public key has been saved in /Users/yourname/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:skotytjPaTzhiuQgyC41DbrFiiwgShtQCw7kEyNgX+M tengbozhang@tengbos-Air
The key's randomart image is:
+---[RSA 2048]---+
|..*Bo.+. |
|.o++oo.o |
| oo= . . |
| = + .. |
| O o S |
| . B |
| ooB. o |
|.o===.oo |
|oo==o=+E |
+----[SHA256]-----+
2. Create the .ssh Directory on the Remote Linux Host (CentOS 7)
Log in to CentOS 7 from your Mac terminal and execute the command to create the .ssh directory:
➜ Desktop ssh root@192.168.1.11
root@192.168.1.11's password:
Permission denied, please try again.
root@192.168.1.11's password:
Last failed login: Wed Jan 2 09:35:47 CST 2019 from 192.168.1.12 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Wed Jan 2 09:34:52 2019 from 192.168.1.12
➜ ~ ll .ssh
total 4.0K
-rw-r--r--. 1 root root 368 Dec 17 11:07 known_hosts
# If it doesn't show, use mkdir .ssh to create it. I already have the directory, so I don't need to create it.
3. Upload the Generated Public Key to the Remote Host (CentOS 7)
Use SSH to upload the public key generated in the first step from your local machine to the authorized_keys file within the .ssh directory on the remote CentOS 7 host:
➜ Desktop cat ~/.ssh/id_rsa.pub | ssh root@192.168.1.11 'cat >> .ssh/authorized_keys'
root@192.168.1.11's password:
➜ Desktop
4. Set Permissions for .ssh and authorized_keys on the Remote Host
➜ Desktop ssh root@192.168.1.11 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
root@192.168.1.11's password:
5. Mac Passwordless Login to Remote Host (CentOS 7)
➜ Desktop ssh root@192.168.1.11
Last login: Wed Jan 2 09:35:52 2019 from 192.168.1.12
➜ ~
With these steps, you’ve successfully achieved passwordless login! If you have multiple servers, you can follow the same method: upload the public key to the authorized_keys file within the user’s .ssh folder on each remote host, set the correct directory and file permissions, and you’ll be able to log in without a password.