How to Set Up Secure SSH Without a Password on Linux CentOS

This quick post shows the steps to set up SSH access without a password, using a passphrase-protected key instead, on Linux CentOS. After completing the following steps, you can ssh from one system to another without specifying any password. These steps have been tested on CentOS 6.3 and may work on other CentOS versions and Red Hat Enterprise Linux versions as well.

Client = 192.168.1.54
Server = 192.168.1.55

1. Create the public and private keys with OpenSSH and save them:

[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9c:41:a8:b5:d1:7f:64:c5:91:89:38:bf:5a:4c:30:16 root@centos63.ehowstuff.local
The key's randomart image is:
+--[ RSA 2048]----+
|       o. Eo +o+ |
|      +.. * + +  |
|     o o.o B     |
|    . .. o. +    |
|        S  + .   |
|            +    |
|           o     |
|          .      |
|                 |
+-----------------+
[root@client ~]# ls -l /root/.ssh/
total 8
-rw------- 1 root root 1743 Oct  4 23:04 id_rsa
-rw-r--r-- 1 root root  411 Oct  4 23:04 id_rsa.pub

2. Change the mode of the public key:

[root@client ~]# chmod 600 /root/.ssh/id_rsa.pub
[root@client ~]# ls -l /root/.ssh/
total 8
-rw------- 1 root root 1743 Oct  4 23:04 id_rsa
-rw------- 1 root root  411 Oct  4 23:04 id_rsa.pub

3. Make a .ssh directory in the home directory of the user on the server:

[root@server ~]# mkdir .ssh
[root@server ~]# cd .ssh/
[root@server .ssh]# pwd
/root/.ssh

4. From the client, transfer the key to the server:

[root@client .ssh]# scp id_rsa.pub root@192.168.1.55:/root/.ssh/
The authenticity of host '192.168.1.55 (192.168.1.55)' can't be established.
RSA key fingerprint is 71:fc:a2:51:b3:ed:bc:7b:68:ec:9e:51:a8:04:ab:fd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.55' (RSA) to the list of known hosts.
root@192.168.1.55's password:
id_rsa.pub                                                        100%  411     0.4KB/s   00

5. Append the key to authorized_keys in the .ssh folder:

[root@server ~]# cd .ssh/
[root@server .ssh]# pwd
/root/.ssh
[root@server .ssh]# cat id_rsa.pub >>authorized_keys
[root@server .ssh]# ls
authorized_keys  id_rsa.pub

View authorized_keys:

[root@ldap .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqToSfMUihcL/lFA6chuVTO77FAHNJFs102lULCVS8XwLFoDbauHdk61x3/rAHDj1HSFbb/heuHUdRndT1CJvSaK+lZ6mKMqvfqlGBvgcF+9t0+Mx3/8Nwaoy891bmiRV81UA8ywwSGx/hw6+LgLTn0F1dh+bhezdAyIV+WMM6QUW9v6APncLw0EtbZX/IMuJCizT+ka+yUgxRB8nteTKYyG1/fCwo7utKBD9Sypt4VBvMFIcoKhIoTzhAxUDxXwmOGn5mUB8aDLzUsf3eJuGOMLVH/k+zByt6tfZ9V/EFUMOVmXV33XCgewJa6RiUm0aXnmYWd722ju/tZyFqzip1w== root@client.ehowstuff.local

6. Now connect to your server without a password but with the key passphrase:

[root@client ~]# ssh root@192.168.1.55
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Thu Oct  4 23:08:17 2012 from 192.168.1.52
[root@server ~]#
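
The server-side part of the procedure (steps 3 to 5) as one re-runnable script. This is an added example, not part of the original post. The function names install_pubkey and check_ssh_perms are hypothetical, and the key in the demo is a constructed, non-functional sample. It also sets and checks the file modes that sshd requires when StrictModes is enabled.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# install_pubkey PUBKEY_FILE HOME_DIR
# Steps 3-5 in one idempotent call: create .ssh, append the key once, and
# set the conventional 700/600 modes.
install_pubkey() {
    pub=$1; home_dir=$2
    key=$(head -n 1 "$pub") || return 1
    # Accept only a public key line; this refuses a private key
    # ("-----BEGIN ...") picked up by mistake. Accepted types are a choice
    # made for this example.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        || return 2
    mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" || return 1
    touch "$home_dir/.ssh/authorized_keys" || return 1
    chmod 600 "$home_dir/.ssh/authorized_keys" || return 1
    # -x whole line, -F literal: do not add the same key twice on a re-run.
    grep -qxF -- "$key" "$home_dir/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home_dir/.ssh/authorized_keys"
}

# check_ssh_perms HOME_DIR
# Returns 1 if the home directory, .ssh or authorized_keys is writable by
# group or others, which sshd refuses when StrictModes is on (the default).
check_ssh_perms() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        mode=$(stat -c %a "$p") || return 1   # GNU stat, as on CentOS
        case $mode in
            *[2367]?|*[2367]) echo "too permissive: $p ($mode)" >&2; return 1 ;;
        esac
    done
}

# Demo against a throwaway directory with a constructed (non-functional) key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQ== constructed@example' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home" && check_ssh_perms "$demo_home" \
    && echo "key installed, permissions OK"
rm -rf "$demo_home"
```

If key login still prompts for the account password after step 6, run check_ssh_perms against the user's home directory on the server first, since a group-writable .ssh directory makes sshd ignore authorized_keys.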
