SSH (Secure SHELL) is an open-source and trusted network protocol that is used to log in to remote servers for the execution of commands and programs.
It is also used to transfer files from one computer to another computer over the network using a secure copy (SCP) command and rsync command.
In this article, we will show you how to set up password-less login on RHEL-based Linux distributions such as CentOS, Fedora, Rocky Linux & AlmaLinux, and Debian-based distributions such as Ubuntu & Mint using ssh keys to connect to remote Linux servers without entering a password.
Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.
My Setup Environment
SSH Client : 192.168.0.12 ( Fedora 36 ) SSH Remote Host : 192.168.0.11 ( CentOS 8 )
If you are dealing with several Linux remote servers, then SSH Password-less login is one of the best ways to automate tasks such as automatic backups with scripts, synchronization files using the SCP command, and remote command execution.
In this example, we will set up SSH password-less automatic login from server 192.168.0.12 as user tecmint to 192.168.0.11 with user sheena.
Step 1: Create Authentication SSH-Keygen Keys on – (192.168.0.12)
First login into server 192.168.0.12 with user tecmint and generate a pair of public keys using the following command.
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key] Created directory '/home/tecmint/.ssh'. Enter passphrase (empty for no passphrase): [Press enter key] Enter same passphrase again: [Press enter key] Your identification has been saved in /home/tecmint/.ssh/id_rsa. Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub. The key fingerprint is: 5f:ad:40:00:8a:d1:9b:99:b3:b0:f8:08:99:c3:ed:d3 [email protected] The key's randomart image is: +--[ RSA 2048]----+ | ..oooE.++| | o. o.o | | .. . | | o . . o| | S . . + | | . . . o| | . o o ..| | + + | | +. | +-----------------+
Step 2: Upload SSH Key to – 192.168.0.11
Use SSH from server 192.168.0.12 and upload a newly generated public key (id_rsa.pub) on server 192.168.0.11 under sheena‘s .ssh directory as a file name authorized_keys.
$ ssh-copy-id [email protected]
Make sure that the correct permissions are set on the ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote server.
$ ssh [email protected] "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"
Step 3: Disable Password Authentication (Optional)
For increased security, you can disable password authentication on the remote server and only allow SSH key authentication. To do this, open the SSH server configuration file on the remote server:
$ sudo nano /etc/ssh/sshd_config OR $ sudo vi /etc/ssh/sshd_config
Find the line containing PasswordAuthentication and set it to no.
PasswordAuthentication no
Save the file and restart the SSH service.
$ sudo systemctl restart sshd
Step 4: Test SSH Passwordless Login from 192.168.0.12
From now onwards you can log into 192.168.0.11 as a sheena user from server 192.168.0.12 as a tecmint user without a password.
$ ssh [email protected]
In this article, you’ve learned how to set up an SSH Passwordless login using an ssh key. I expect that the process was straightforward. If you have any questions, please post them in the comment section below.
I followed all the above steps but I am still getting prompted for password. I am using root user on both linux servers.
@Deepa,
Please check the permission on the .ssh directory and key on remote Linux server. Also I suggest you to user normal user for passwordless logins.
even after following these I am getting host key verification failed. connection reset by the peer.couldn’t read the packet.
please help.
@Rajeev,
I think something is blocking could you check the SSH port 22 is open on firewall?
Its easy to follow .Thanks a lot for this awsome tutorial.
hey will this work for root user as well?
@Umesh,
Yes, you can setup SSH passwordless login for root user as well..
Excellent simple tutorial
Hello Sir,
I have followed the same instructions as on the article for ssh connectivity to VM1 to VM2 and VM1 to VM3.
Also the permissions are 700 for .ssh directory on both the VMs as well as on the VM1.
Thanks
Raman Sharma
@Raman,
If you’ve followed instructions correctly, then it should work without any issues, please cross check again…If you still unable to connect, try to re-upload pub key to VM3 and see..
Hello,
I wanted to run the script through ssh on two VMs, via another VM.
When i configure ssh passwordless on VM1 to run the script on VM2 it works fine , but when i configure VM1 to run the scriptn on VM3, it overrides hence fails and prompts for the password.
Goal is to access two or more than two VM2 and VM3 through VM1.
Individually it works fine but while configuring the both VM2 and VM3 it only runs the script on the latest VM configured.
Thanks
Raman
@Raman,
Have you followed the same instructions for VM1 to VM2 and VM1 to VM3? could you check the .ssh/authorized_keys file permission on both VM’s? it should be 700 permission on .ssh directory.
Hello Sir,
I have followed the same instructions as on the article for ssh connectivity to VM1 to VM2 and VM1 to VM3.
Also the permissions are 700 for .ssh directory on both the VMs as well as on the VM1.
Thanks
Raman Sharma
Quite useful…Thanks a ton!!
thanks brother… it works very well..
Perfect. Worked like a charm. Thanks for this tutorial.
I also add the host entry into a config within the .ssh folder.
Host PC
Hostname 192.168.0.11
User sheena
Port “if not standard”
then its a simple ssh PC to connect. Also to store key for current session type ssh-add and enter key passphrase.
It does not work.
@Don,
May I know why its not working for you? could you share whats the problem you facing…
I have manually copied from one ip to the other one I have tried the given demo also
Generated the ssh-keygen on node and copied the id_rsa.pub key in authorized_keys of other client address machine
and vice versa I have done
Ex: cat id_rsa.pub and copied in authorized_keys of other client address
FYI: cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKWpgaLZISajE/6U3i2cxrf8xhg8OtECLFtx5ZBmpkelLMWBoM4YUZsapjOMiKxWRcx3TjfKJQiOaVEGmUm1Kd8mLwIHUcCrV3XDm2Me+tNorPYGGrKyEbWwDDilfwCQfJ76WavkhHKz4ODm8toRaI+MNfy0ED7ZGCdOnurXsfuym1Q6MhngR24ns+KVbaFI5wz36RLxvvRsFuJq7MVxbwFtuZ5zNWjejSjTwtMi4JTAe4UXjAVBshgL0pExWJ9ZxE+KWNngyS2MyZyKDV30zbpje9ksSgNKVvSZx6deXf/33CqarFlj1D9/J09MoNZn5pNHRPdmnxWQfHO1uFlJNL [email protected]
Hi
Could you help me to do the passwordless SSH
We got this error while testing scp/ssh based password-less authentication
AUDIT: CHFW0019I: The Transport Channel Service has started chain HttpOutboundChain:servernamexxxx:9080.
c:
Could not load module /usr/share/centrifydc/lib/libcrypto.so.
Dependent module /opt/freeware/lib64/libgcc_s.a(shr.o) could not be loaded.
The module has an invalid magic number.
Could not load module scp.
Dependent module /usr/share/centrifydc/lib/libcrypto.so could not be loaded.
Could not load module .
Any idea why ? Is it something to do with directory permissions ?
@George,
I think you’re using AIX machine, and I don’t think these instructions works on AIX, and to be fact I never worked on AIX so sorry I can’t help you out..
Thanks for the article, I often come refer your site, BTW, How do you make those short video, if you throw me some clues that will be helpful..
how do l disable ssh passwordless login using keygen
@Emmanuel,
Delete the .ssh directory from the user directory to disable SSH Passwordless login.
ssh-copyid is more simple to use.
+1 This. Came here to comment the same
It is maybe the first command which I run when somebody gives me access on new server.
is there any option to do sftp with pass wordless from windows to aix server
If remote machine is windows machine. In that case how to configure Public key?
Could you please let me know the steps?
Much appreciated.
@Ranjeet,
You mean Cygwin under Windows with Linux SSH Passwordless login? if yes, you should follow this guide https://www.tecmint.com/install-cygwin-to-run-linux-commands-on-windows-system/
Thanks for the howto, but I am in need of help, I forget my ssh password, so how to recover…
@Rajveer,
The ssh user is root? if yes, try to reset root password.
Hi – Thanks for this information. I followed your instructions with the ssh client on Solaris 10 and the target on RHEL-7. If the target has SElinux disabled, it works. But if the target has SElinux enabled, it does not work.
I was able to fix it by following the instructions here: http://stackoverflow.com/questions/9741574/redhat-6-oracle-linux-6-is-not-allowing-key-authentication-via-ssh
chown -R : ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
restorecon -R -v ~/.ssh
@Enhorn,
Thanks for the tip, hope it will help other fellow readers…
Hello,
Thanks for post.
I have one query :
I want to reset password of multiple servers with an script, Can we pass password as parameter while ssh to set new password.
in parameter.
Thanks !
@Ravi,
No idea, never had such requirement yet, but I am sure you can do it by a script via SSH..
Cool post. Thanks
Hi All,
I have a question on automation.
I have EMC datadomain boxes runs on proprietary RHEL, I have a command called “df” which will provide status of the file system.
I would like to add this command into a script along with RSA SSH passwordless authentication with a time out of 30 sec. Can you please help / share some idea
@Pradeep,
First create a SSH passwordless authentication on the server that you want to connect to remote host and then create a script with df command and run with cron every 30 seconds..
Hi Ravi Saive,
i would like use ( ssh [email protected] ssh -version ) but i no need type my password again.
please help me write script.
Thanks,
Hi,
Thanks for your great article. it is really awesome.
Now I have a question here.. please suggest me…
suppose I have a server (192.168.0.1) with SSH enable and one of my client (19.168.0.2) is accessing it from any user account. After performing some task on server, the client close the ssh session. Now on server end, I want to check what the client did, which commands did he run (total activity by client)
could you please tell me ho can I do that on server end?
Thanks in advance!
@Rajvee,
The history command will help you out here, history command will tell you last executed commands by user.
https://www.tecmint.com/history-command-examples/
After following your steps, It’s still asking for password. On one machine, id_rsa.pub was already present and able to do passwordless ssh on most of other client machines but not able to do on one. The one on which, these steps didn;t worked has “.ssh” folder with 700 permission and inside that “authorized_keys” file only with 640 permission. Nothing else is present, I just used following command as id_rsa.pub file was already present:
cat .ssh/id_rsa.pub | ssh ‘cat >> .ssh/authorized_keys’
Still asking for password. Can you please help. I have restarted sshd also from my client machine.
issue resolved….Thank you
Below is the error:
cat .ssh/id_rsa.pub | ssh 192.168.132.131 ‘cat >> .ssh/authorized_keys’
cat: .ssh/id_rsa.pub: No such file or directory
@Ravi….Than you or your reply….permission issue resolved….but after executing above steps….still asking for password
having the same problem asking for password please help
Hi Sir , I have applied the same steps but it was asking the password after entering the password i am able to ssh.
After that i have restarted the server (instlled on VM) then after doing ssh found the following:
[email protected]‘s password:
Permission denied, please try again.
[email protected]‘s password:
Permission denied (publickey,password).
Please help.
@Sahil,
Have you created same users on both server? so that the user can have write permission to upload SSH pubic key..The error above clearly stating that you’ve a permission issue..
I tried the steps, using my user name for two systems and for some reason, it did not work, Any idea, here is the more details:
[amishra@RV-159 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/user/amishra/.ssh/id_rsa):
/user/amishra/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /user/amishra/.ssh/id_rsa.
Your public key has been saved in /user/amishra/.ssh/id_rsa.pub.
The key fingerprint is:
fb:a1:06:d4:00:a2:66:4b:77:14:a3:83:86:c4:77:f0 [email protected]
The key’s randomart image is:
+–[ RSA 2048]—-+
|….o=. |
|oo.o+.o |
|o*.+.E o |
|= o o . . |
| . . S |
| . . |
| .. . |
| .o . |
| .. . |
+—————–+
[amishra@RV-159 ~]$ ssh amishra@rv-106 mkdir -p .ssh
The authenticity of host ‘rv-106 (10.14.67.97)’ can’t be established.
ECDSA key fingerprint is 51:d5:e3:15:cf:d2:ef:da:ad:6c:a6:97:ab:26:c3:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘rv-106,10.14.67.97’ (ECDSA) to the list of known hosts.
amishra@rv-106’s password:
[amishra@RV-159 ~]$ cat .ssh/id_rsa.pub | ssh amishra@rv-106 ‘cat >> .ssh/authorized_keys’
amishra@rv-106’s password:
[amishra@RV-159 ~]$
[amishra@RV-159 ~]$ ssh amishra@rv-106 “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”
amishra@rv-106’s password:
[amishra@RV-159 ~]$
[amishra@RV-159 ~]$ ssh rv-106
amishra@rv-106’s password:
Last login: Tue Oct 20 16:46:44 2015 from rv-evt.qlogic.org
[amishra@RV-106 ~]$
[amishra@RV-106 ~]$
[amishra@RV-106 ~]$
I was expecting that for the last ssh rv-106, it will not ask my password. Am I missing something here? Thanks for the nice steps.
@Anil,
You’ve not mentioned username of the remote Linux, try this way:
Ravi,
Same effect.
[amishra@RV-159 ~]$ ssh amishra@rv-106
amishra@rv-106’s password:
Since in my exercise, I am trying same username on two different systems (RV-159 and RV-106), it gets the username anyway, like if you see the error message what I posted earlier, it has got the correct user name “amishra” and it is asking for the password for the same user name in the prompt. “amishra@rv-106’s password:”.
Probably I am missing something which may be prerequisite to do the above steps. It will be nice to know that.
Thanks,
Anil
@Anil,
Does your hostname ‘rv-106’ resolve to IP address? or why not try with IP address and see..
Ravi,
I tried IP and seems to be working.
Thanks,
Anil
@Anil,
Is problem shorted out? you able to login without password? Please update us..
Ravi,
I misspoke in my previous message, with IP also, it asks for password, pl see below.
[amishra@RV-159 ~]$ ssh -l amishra 10.14.67.97
[email protected]‘s password:
Last login: Wed Oct 21 22:46:34 2015 from 10.8.6.6
[amishra@RV-106 ~]$
Could please post red hat satellite server setup and how to manage that server.
@Bheema,
Sure, your article request accepted and we try to start a new series on Red Hat satellite series soon, till then stay tuned.
Thank you very much! it was very helpul
Hi Ravi,
I have used this trick , But after some when i am doing ssh , it will show connection lost.Any other alternative method.
Thanks,
Anil
@Anil,
Try to set SSH TMOUT value to higher. For example, the following variable will set SSH timeout to 120 seconds, you can increase as per your needs.
hi ravi can you mail me i have a question about Indian study i want consulted with you brother if u have free time please this is my whatsapp no +989140748620.
Thank you for writing this up!
One thing though: For some reason I had to restart sshd on my secondary server before it started to accept the connections.
Hi!, this method is not working for me. I have followed all the steps, but the server keeps asking for password.
Thanks in advance
Hi Ravi,
I would like to run security,critical updates on my centos server on weekly basis please suggest to me which is best commands.
@Sanjay,
Just yum update will fix all critical security bugs or you can update specific packages via yum..
If I run the yum update,kernel also update if kernel is update can we get any issues
@Sanjay,
Yes, if you do ‘yum update’ all packages including kernel will update, but I don’t think you will face any issue and it’s always recommended to do a update weekly..
very helpful
I am stuck at Step 3: cat .ssh/id_rsa.pub | ssh user@machine ‘cat >> .ssh/authorized_keys’. While running this I am getting error: “The System cannot find the path specified”. To validate I run only ‘cat .ssh/id_rsa.pub’ and it worked fine. Then when I tried ssh user@machine ‘cat >> .ssh/authorized_keys’ it again gave the same error “The System cannot find the path specified”. I validated the authorized keys path on target machine and it is located at /u/pub/.ssh/authorized_keys. So I run ssh user@machine ‘cat >> /u/pub/.ssh/authorized_keys’ but still getting the same error. Running out of my mind now. Please help.
@Sandeep,
Strange error even after specifying path correctly, on which distro are you trying? if possible can you restart the system try (not needed but just a suggestion).
I tried restarting the machines but no luck. I am trying the password less ssh between a windows and linux. I wanted to connect to Linux box from Windows without password.
@Sandeep,
How you trying out from Windows? is there you using any software?
I am using Cygwin.
The best one !!! thank you :-)
Hello Ravi,
In above example user sheena is on which machine? ie.on client machine or remote host?
@Balkrishna,
Sheens user is on client side..
This article is entirely too specific in its naming scheme; readers shouldn’t have to memorize random particulars in order to follow your guide.
Works perfectly with the clear instructions! Thx
The instruction is extremely clear and correct. But could you provide why we need to set permission of file “authorized_keys file” to 640?
pulling my hair out! I seem to have no issue logging into my ubuntu 14.04 with the account ‘warren’ on both, but i set this up with a user ‘gituser’ on the server and cannot for the life of me get it to login automatically form warren@local to gituser@server. Any tips would be appreciated.
What are the access-rights of your .ssh-directories? They should be ‘700’ for each user, if not, ssh refuses pw-less login for security reasons.
I use this way for ssh communication
example VM => node1, node2
1. ssh-keygen node1
ssh-keygen node2
2. ssh-copyid node1
ssh-copyid node2
that’s all. After doing these, I can use ssh and scp without password input
hi Yang Jae! I did your way, but still ask me type password. do we need change any values in “sshd_config” file?
Thank you
@Zigerha,
Check your authorized_key file permission..it should be 644.
hi Ravi! I double check already! but still ask password with below message:
[root@Openerp ~]# ssh [email protected]
Enter passphrase for key ‘/root/.ssh/id_rsa’:
Thank you!
@Zigerha,
Can you tell me the permission of .ssh and authorized key?
hi Ravi! permission: .ssh is 700, authorized_keys is 644, id_rsa is 600. I configure on Oracle Linux 6.6_x86_64.
Thanks a lot!
hi Ravi! I solve my issue on Oracle Linux with below commands:
$ssh-agen bash
$ssh-add
thanks for nice support.
@Zigerha,
I am glad that finally you solved the problem yourself….
hi Ravi,
Thanks. But my way isn’t good. when I exit ssh-agent, ssh connection will be disconnect. I don’t know why. I check permission already, same your suggestion.
I am sorry to confuse for you
so I write it in detail
1. ssh-keygen on both node1,2
2. ssh-copyid node1 on node2
ssh-copyid node2 on node1
Thanks. it helps to you
What is the name of the software you use to record terminal activity..
Steps 2-4 can be replaced with:
ssh-copy-id [email protected]
@Basket,
I do agree with you, but the given steps also do same work….
server 1 ip is 192.168.1.1 and second server is 192.168.1.2 i doo all the steps but it asking me for password i set the permission to .ssh 700 and authorised_keys to 640
@Gurdeep,
It’s ‘authorized_keys’ file not ‘authorised_keys’..please check and confirm..
Hi Ravi,
we have 10 servers with CentOS on VM ware i would like to backup of each server on NAS please suggest to me which is best method for backup and suggest to me how to do it step by step
@Sanjay,
I hope these guides will help you out.
https://www.tecmint.com/installation-of-freenas/
https://www.tecmint.com/create-centralized-secure-storage-using-iscsi-targetin-linux/
Hi,
I would like take incremental backup (schedule time is 10 P.M ) on centos server in NAS
HI Ravi,
I want to change the time panel UTC to IST canu suggest to me how to change it
@sanjay,
To set time panel UTC to IST, run the following commands
Hi Ravi
thanks for your support
I would like take incremental backup (schedule time is 10 P.M ) in centos server on NAS kindly suggest to me how to take schedule backup in step by step
@Sanjay,
Use cron to set the time and use scp or rsync command to take backup of your system to NAS…for more details on how to take backup use following guides..
https://www.tecmint.com/rsync-local-remote-file-synchronization-commands/
https://www.tecmint.com/scp-commands-examples/
Hi Ravi
thanks for your support
please help me for below mentioned backup
Hi Ravi,
While write the crontab job it getting crontab:installing new crontab
kindly suggest to me
@Sanjay,
Can you please share the screen grab to know better about your issue…
Hi,
I am unable share the screen shot find below which process in run the crontab
[root@localhost~]#crontab -e
then i wrote the crontab as 1 22 * * * /root/backup(backup script file)
after save the crontab i am getting below error
crontab:installing new crontab
kindly suggest to me
@Sanjay,
I hope this guide will help you out..
http://unix.stackexchange.com/questions/21297/how-do-i-add-an-entry-to-my-crontab
I couldn’t understand that method please give another solution.
please suggest to me if sever is down or any service is down I should receive mail and SMS alerts kindly suggest how to do it with out monitor tools
Hi Ravi,
I installed Nagios monitoring tool on cent OS server,I would like access that tool from windows client system please suggest to me how to access in windows client system
@Sanjay,
Please comment on the relevant topic…
Dear Ravi,
Issue is resolved there is problem with permissions now it working good.
So please give the solution for another issue
This. just. works. I couldn’t believe it would be so simple. Spent the last 2.5 hours reading dozens of different ‘tutorials’ and nothing worked, this was supposed to be such a simple 5-minute task, i was starting to doubt my own sanity. This was literally my last try, it looked almost ‘too simple’ at first but it saved my evening. Thanks a lot for posting! Frank
Hello,
I have performed above steps but still ssh is asking for password, can any buddy help me on this. Thanks in Advance.
Regards,
@Zeeshan,
Check the permissions of authorized_keys file, it should be 640
For Ubuntu 14.04 some extra pre steps may be needed.
1. f you messed up already the setup, remove the server 2 from known hosts to restart process.
ssh-keygen -R hostname
2. It is good to create the same user in both machines and run this setup as this user.
3. Turn this user as sudoer and allowed ssh user in both servers.
For sudoer use command
visudo
and copy same root previleges to this user
For ssh:
vi /etc/ssh/sshd_config
at the line starting with
AllowUsers root
add you new user with an space in between
AllowUsers root username
Also check this variables, you may have to add one
PermitRootLogin without-password
PermitRootLogin yes
UsePAM no
Hi Ravi,
Please see if you can help.
i have two Linux servers, first server(lniux 5.7) ip x.y.4.112 and another linux server(6.3) ip is x.y.90.23.
i want a ssh passwordless communication from x.y.90.23 to x.y.4.112.
manually ssh is allowed.
i have followed the below steps also.
1. on server x.y.90.23
>$ ssh-keygen -t rsa
>$HOME/.ssh
2. on server x.y.4.112
>Copy content of id_rsa.pub file from x.y.90.23 server to all x.y.4.112 server in file authorized_keys under directory $HOME/.ssh/
But still it is asking for password.
is it because both server are on different network ?or different linux O.S? or something else.
i tried locally with two server on the same n/w..that was working..
Thanks in advance.
@neelam,
Please set the correction permissions on ‘.ssh’ directory and ‘authorized_keys’ file on remote hosts (i.e. ip 4.112 ) as shown.
Hi Ravi,
Please see if you can help.
i have two Linux servers, first server(lniux 5.7) ip x.y.4.112 and another linux server(6.3) ip is x.y.90.23.
i want a ssh passwordless communication from x.y.90.23 to x.y.4.112.
manually ssh is allowed.
i have followed the below steps also.
1. on server x.y.90.23
>$ ssh-keygen -t rsa
>$HOME/.ssh
Hello Ravi Saive,
I am managing a lot of servers which have each of them loggin and passwords through a ssh bastion. All servers are centOS based, the ssh bastion to is in centOS, and my laptop iis in windows.
What I would like to do is to generate a public key on each server, and copy them to a repository in the SSH bastion and if I would like to ssh to a remote serverA, I only do a putty configuration which will permit to only tipe “ssh serverA” and I get connected.
What would I do to have it?
What are the configuration needed
Thanks in advance for your help
Regards
Hello Ravi,
I followed your steps to do password-less ssh between two ubuntu systems, the commands executed properly, not even single error but after everything still it is asking password to connect.
** any different procedure for ubuntu OS???
Please help me out..
Procedure is same for all Linux OS’s, but never yet tried on Ubuntu systems, will try and let you know, why its still asking for password.
Hello Can you help me. While setting up ssh key i forgot to give 600 permission to authorized_keys file and now connection is closed please help me with this, now how can i login to other server its always showing connection closed by some ip. Please help
Hi ,
I was able to successfully able to login to server 2 passwordlessly from server 1. But this is getting reset after a while( maybe after 24 hours) and again i have to enter password. How to make this change permanent.
No, it will not automatically reset itself, someone from you team might doing it or some scripts might reset your ssh logins.
Or probably there’s system configuration management (like chef, puppet, ansible and the like) that governs (your infrastructure) the ssh authorized_keys.
work perfect for me!
ENV:
– client: GLSDK 6.04 for OMAP5 EVM reference board
– server: CentOS 5.5
Thanks!
Absolutely love this post !! Thanks for sharing these steps.
I fought with this for a while and found that the permissions on the user’s home directory needed to be updated from:
drwxrwxr-x
to:
drwxr-xr-x
by running the following as the user in the user’s home dir:
[user@host ~]# chmod 755 .
This fixed it for me.
Ahh, thanks. This took me 3 hours
Thanks Ravi.Worked for me…
Welcome Bro, I a happy it worked for you..
Sir ,
I am using your following step, I am trying to login. which passwordless ssh is NOT working.
Have you correctly placed SSH key in remote server authorized file?
check the stickybit on the folder which contains .ssh folder, remove the stickybit if it exists… chmod g-s dirname
I have followed the steps given
But I think there is a problem with the user I am trying to login with because of which passwordless ssh is NOT working
I followed up all the steps and got no error whatsoever. But it still doesn’t work. Any ideas?
Tnx
I haven’t realized about the chmod on path and on the file
Thank you and it work perfectly. But I think those that got problems using this guidelines was because of SELinux. Cause I experienced the same following this guide in a centos/rhel environment.
Just do the either of the below commands and afterwards you should be able to ssh without asking for password.
[root@centossrv1 ~]# ssh root@tester1 “restorecon -R /root/”
root@tester1’s password:
or
[root@tester1 ~]# restorecon -R /root/
Again, thank you tecmint and more power!
[root@centossrv1 ~]# cat .ssh/id_rsa.pub | ssh root@tester1 ‘cat >> .ssh/authorized_keys’
root@tester1’s password:
[root@centossrv1 ~]# ssh root@tester1 “chmod 700 .ssh; chmod 640 .ssh/authorized_keys; chmod go-rwx .ssh/authorized_keys”
root@tester1’s password:
Well, this was I did. in my case.
Thanks again!
I was stuck and this step definitely helped. Thank you.
hi ,
I followed the above steps but unable to connect without pasword. my os is cento 6.5…there is use root instead of user on both users…. i think this is not a big mistake….. #scp id_rsa.pub [email protected].. but i am not able to get in…Could you please help me out…
—
Thanks
Jagan
Ravi,
Followed your steps, one by one without error, and still it is asking for password.
Local machine:
$ uname -a
Linux xxxxx 2.6.18-164.2.1.el5 #1 SMP Mon Sep 21 04:37:42 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
Remote machine:
$ uname -a
Linux yyyyyy 2.6.18-128.el5 #1 SMP Wed Jan 21 08:45:05 EST 2009 x86_64 x86_64 x86_64 GNU/Linux
I was enabling ssh passwordless login sun solaris server. I followed all the steps above.
But it still prompting for password.
I tried to debug. Here is the debug output.
ssh -v [email protected]
Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.6.14.41 [192.6.14.41] port 22.
debug1: Connection established.
debug1: identity file /appbin/oracle/uccdev/.ssh/identity type -1
debug1: identity file /appbin/oracle/uccdev/.ssh/id_rsa type 1
debug1: identity file /appbin/oracle/uccdev/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.3
debug1: match: Sun_SSH_1.1.3 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.3
debug1: use_engine is ‘yes’
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 1628/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host ‘192.6.14.41’ is known and matches the RSA host key.
debug1: Found key in /appbin/oracle/uccdev/.ssh/known_hosts:1
debug1: bits set: 1563/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for ‘out’ mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for ‘in’ mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /appbin/oracle/uccdev/.ssh/identity
debug1: Trying public key: /appbin/oracle/uccdev/.ssh/id_rsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying public key: /appbin/oracle/uccdev/.ssh/id_dsa
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
Can you please help me out?
It’s great..!
Seems I have a permission error when trying to create the .ssh directory. Could you help?
Could not chdir to home directory /var/services/homes/Inspections: Permission denied
mkdir: can’t create directory ‘.ssh’: Permission denied
Why you creating under /var directory, it should be under user’s home directory (i.e. /home).
Yes I re-did all the steps and it has worked. I have one more question. I have a second server I’d like to add to authorized_keys
Can you tell me the proper syntax to append the file for Step 3 above so that both servers can login?
Simply upload the id_rsa.pub key on second server’s under /home/user/.ssh/authorized_keys
I think a lot of problems with the two-way connection between Fedora might be an SELinux issue?…..just throwing that one out there!….and thanks for the article…very educational!!
how would it work if the account (1) is being used in a SCP command as scp file act1@home machine where acct 1 is not defined to where the SCP command is running ( remote machine ?
Example:
Unix 2 uses acct2 has its home env and executes the scp file acct1@localmachine where acc1 is defined.
Does an authorized_keys file into the .ssh directory of acct1 needed?
hi can u help me.
in my fedora 19 system on gui base the sftp not working but on terminal when i login to sftp it is working fine can u give me the solution of this error.
Awesome. Its perfectly working. :)
How will this script function incase I use RSA securID to log in to the servers?
my server is down when i want to login through putty using ssh it gives error connection time out …now i want o work on my server how can i login through putty to work on it
i tried the same approach i was able to login from one env to another but while trying to fire sudo su – Command its still asking for password :(
Many thanx for your brilliant steps.. :))
insted of rsa we can use dsa also
dsa is the new one
Yes you can use any one of them.. both are almost same with minor changes.
I followed the above steps which mentioned by you. But still when i try to do ssh, its asking for password. can you pls let me know is there anything i have to do. i am trying to login from fedora 18 to fedore 11. please guide
Have you uploaded Generated Public Key to remote server under authorized_keys file?. Please check content of authorized_keys file.
A great tip, thanks. Used with mySQL in order to dump and load a database from one server to another. See here:
ssh -C user@host ‘mysqldump -u dbuser –password=dbpass -D dbname | gzip’ | gzip -d | mysql -u dbuser –password=dbpass -D dbname
Thanks, again!
Hello. Here are some preliminary system specs:
Local: Fedora 18 (Desktop Interface)
Server: Ubuntu 12
Setting up password-less ssh works fine from Ubuntu system to Ubuntu Server. From Fedora, not so much. The “copy-id” command works, and initially requests the password to fulfill the request. From Fedora, I ssh into my Ubuntu server and it still prompts for a password. Is there something different in sshd or elsewhere that we should be reviewing?
Troubleshooting:
I rebooted both devices to ensure that all services restart, and also verified that the services were running upon reboot.
Any information on this would be most helpful. Thank you.
Hi,
I followed above steps but still not able to connect to my server without password.
i am using
server 1 : Red Hat Enterprise Linux Server release 5.5
server 2 : Red Hat Enterprise Linux Server release 6.2
i want to connect from server one to two without password.
please help.
Thanks and Regards,
Arivnd.S
Login into server1 and run the following commands.
Now try to login to server2, it will won’t prompt you to enter password. Try and let me know.
Thanks..
Followed above instruction.
still not able to connect to my server without password.
there was no error while following above steps.
do i need to check any specific log for messages?
Thanks
Ok, but is this asking password prompt?
yes i m too having a same problem..still its asking for password
It is asking password for me. place of user i am using “root” user.
Thanks,,
PAM may be blocking you from logging in as root remotely. Try it with a mere mortal user (not root) and verify it works okay. If it does, then look more at /etc/pam.d/sshd and similar files on the target host.
Hi,
i have a problem of moving data from Hue to HDFS.
may you please guide me on how do i do about that.
Thanks
It was really a great help indeed. Thank u so much.. it served my purpose.
In my opinion, our created id_rsa.pub key at host node copy to other two nodes’s home directory. then create authuorized_keys on other two site. Is it true?
one-to-one connection without passwordless was successfully. But one-to-two connection was failed, first one is successful, second one is not login without password. help me??
Yes! you must copy key and create authroized_keys file on that server.
this didn’t work for me :(
Mine are 2 CentOS 5.8 servers, but I don’t know why this didn’t work. Can someone help out?
You followed all steps correctly? while logging you getting password prompt?
I followed all steps to the letter but I still have to enter the password.
Never mind. I deleted the relevant .ssh dirs local and remote, then tried again. Now it’s working.
Thanks for the tutorial.
CentOS has a command ssh-copy-id that helps out. There’s a guide here that shows it http://www.howtoforge.com/how-to-configure-ssh-keys-authentication-with-putty-and-linux-server-in-5-quick-steps
I too followed the steps correctly and then also deleted the .ssh directories and tried it a second time and still get a password prompt.
Most of the time this works great for me, which is important because as part of an automated test environment I have scripts that need to send root commands to other systems on their LANs with ssh and if the target system prompts for a password the script fails. However, I have a Fedora 16 system that refused to honor the authorized_keys file in roots ~/.ssh and prompts for a password anyway. I don’t know what is causing it to do that, when the other Linux boxes all work fine (and the Fedora box works fine for non-root use logins). Note, the system does let me ssh login as root, because I can enter the pasword, but not the script.
I don’t do this with Fedora and Ubuntu GNU/Linux System. Ubuntu to Fedora is great, but trying with Fedora to Ubuntu, no function. I need help. Please.
Thanks.
Can you tell exactly what errors you getting or you could post them here. so we could work out and give you a way to communicate your fedora to Ubuntu system.
Greet Thanks for you sir
you saved my hadoop Way :D
For Debian only 3 steps :)
1) Generate ssh keys.
2) Run ‘ssh-copy-id’ (copy your ssh public key ) to remote host
3) login to remote host using ssh keys.