This article will help you set up SSH keys on a Linux system. This is also known as passwordless SSH, using an SSH key pair.
SSH (Secure Shell) is widely used for remote login to Linux servers. When we log in to a remote system using ssh, it prompts for the password and only then allows us to log in to the server. Sometimes we need to configure applications or scripts (mostly shell scripts) to automate tasks that run after connecting to the remote system over ssh. But if key-based ssh is not configured, the script will prompt for the password on every run, and we have to enter it manually. To solve this problem, we can use a public/private key pair instead, where the remote server allows other systems to ssh in on the basis of a key.
Step 1 – Generate SSH Key Pair
First, generate a key pair (RSA or DSA). You can choose the key type, rsa or dsa, with the -t command-line switch. If we do not pass the -t parameter, it will create an RSA key by default.
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/manju/.ssh/id_rsa):
Created directory '/home/manju/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/manju/.ssh/id_rsa.
Your public key has been saved in /home/manju/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:GZQ3tJffEUimdMZHIG3LcpvdkOaogwXBtWeaM2ejzYY manju@linuxmasterswiki
The key's randomart image is:
+---[RSA 2048]----+
| ..+oo+*+o |
| .+ +o** ..|
| .oooB oo |
| .o B =+..|
| S.= *+=.o|
| .X.+...|
| oE.+ |
| . o. |
| . |
+----[SHA256]-----+
The above command will create two files in the ~/.ssh directory, as follows.
- ~/.ssh/id_rsa [private key]
- ~/.ssh/id_rsa.pub [public key]
Step 2 – Copy Public Key to Remote System
Let's copy the public key from our system to the remote system's ~/.ssh/authorized_keys file. We can do this manually or with the ssh-copy-id command-line tool.
$ ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.10.20
21
firstname.lastname@example.org's password:
Now try logging into the machine, with "ssh '192.168.10.20'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
It will prompt for the password of the remote system. Enter the remote machine's password and press Enter.
Step 3 – Verify SSH without Password
Now that everything is set up, simply try to ssh to the remote system. You will be logged in to the remote system without entering the password.
$ ssh email@example.com
The above command will not prompt for the password to log in. If the ssh command does prompt for the password, your setup is not configured properly, and you should go through all the steps again.
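The manual route mentioned in Step 2, together with the usual reason Step 3 still asks for a password, as an added example that is not part of the original article: with sshd's default StrictModes setting, authorized_keys is ignored when it or ~/.ssh is writable by group or others. The function names install_pubkey and check_ssh_perms are hypothetical, and both are meant to be run on the remote account after the .pub file has been copied there.

```shell
#!/bin/sh
# Added example: manual equivalent of ssh-copy-id plus a permission check.
# install_pubkey and check_ssh_perms are names made up for this sketch.

# Append a public key to <ssh_dir>/authorized_keys unless it is already there.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    [ -s "$pubkey_file" ] || { echo "no public key at $pubkey_file" >&2; return 1; }
    # Refuse a private key handed over by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file looks like a private key" >&2
        return 1
    fi
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    auth="$ssh_dir/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pubkey_file")
    # -x matches the whole line, -F treats the key as a fixed string,
    # so running this twice does not add the key twice.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Return 0 only if neither the directory nor authorized_keys is writable
# by group or others.
check_ssh_perms() {
    ssh_dir=$1
    bad=$(find "$ssh_dir" "$ssh_dir/authorized_keys" -prune \
          \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    if [ -n "$bad" ]; then
        echo "writable by group/others: $bad" >&2
        return 1
    fi
    return 0
}

# Usage on the remote host (the /tmp path is an assumption):
#   install_pubkey /tmp/id_rsa.pub "$HOME/.ssh" && check_ssh_perms "$HOME/.ssh"
```

StrictModes also looks at the home directory itself, so if the check passes and ssh still prompts, inspect the mode of $HOME next.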