Passwordless login between Linux servers with SSH keys

Passwordless login between Linux servers with SSH keys

Many tutorials on SSH keys unfortunately forget a small but important point, namely disabling the host key check. This can be done in the file “/etc/ssh/ssh_config” (e.g. with the text editor vi or nano).

There you have to add an entry according to the following pattern:

Host 0.0.0.0
StrictHostKeyChecking no

0.0.0.0 should be replaced by your IP address, of course. It is also possible to put a * for all hosts.

Setting up the login via SSH keys

First we need to generate new keys on the origin server, this can be done with the command

ssh-keygen -t rsa

and then looks something like this:

root@debian:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ENTER.
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vIFg3XacOwNWXCDtbKGJ64W8LEumf/1tT+iw1Kyftwk root@debian
The key's randomart image is:
+---[RSA 2048]----+
| ....o.o |
| .oo o |
| . =o.- + .      |
|. o.+o = o |
| ...  . S |
|.. .     B .     |
|oo. . o + E .  |
|B. . .. *.o o |
|==..   . .o+.. o |
+----[SHA256]-----+

After that, from the origin server, we create a new folder on the destination server for the SSH keys with the command

ssh root@192.168.178.66 mkdir -p .ssh

This will look like this:

root@debian:~# ssh root@192.168.178.66 mkdir -p .ssh
The authenticity of host '192.168.178.66 (192.168.178.66)' can't be established.
ECDSA key fingerprint is SHA256:5hjRNiloYYdjgliSKTwIFc+1bVgTwBCkfT6nZ2Itu7w.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.178.66' (ECDSA) to the list of known hosts.
root@192.168.178.66's password: YOUR PASSWORD

In the next step, we upload the SSH key to the target server using the command

cat .ssh/id_rsa.pub | ssh root@192.168.178.66 'cat >> .ssh/authorized_keys'

This will look something like this:

root@debian:~# cat .ssh/id_rsa.pub | ssh root@192.168.178.66 'cat >> .ssh/authorized_keys'
root@192.168.178.66's password: YOUR PASSWORD

Now we still set the access rights to avoid errors:

ssh root@192.168.178.66 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

This might already work without a password now, if it doesn’t, assigning permissions will solve the problem.

Now we can log in to the remote computer without a password, for example with

ssh root@192.168.178.66

Note: This text is copyrighted

Please send coffee donations to: 0xd0803A568615A18403C3722AC6dBb3202FD14034 (Ethereum)

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code