Passwordless login between Linux servers with SSH keys
Many tutorials on SSH keys unfortunately forget a small but important point, namely disabling the host key check. This can be done in the file “/etc/ssh/ssh_config” (e.g. with the text editor vi or nano).
There you have to add an entry according to the following pattern:
Host 0.0.0.0
StrictHostKeyChecking no0.0.0.0 should be replaced by your IP address, of course. It is also possible to put a * for all hosts.
Setting up the login via SSH keys
First we need to generate new keys on the origin server, this can be done with the command
ssh-keygen -t rsaand then looks something like this:
root@debian:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ENTER.
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vIFg3XacOwNWXCDtbKGJ64W8LEumf/1tT+iw1Kyftwk root@debian
The key's randomart image is:
+---[RSA 2048]----+
| ....o.o |
| .oo o |
| . =o.- + . |
|. o.+o = o |
| ... . S |
|.. . B . |
|oo. . o + E . |
|B. . .. *.o o |
|==.. . .o+.. o |
+----[SHA256]-----+
After that, from the origin server, we create a new folder on the destination server for the SSH keys with the command
ssh [email protected] mkdir -p .sshThis will look like this:
root@debian:~# ssh [email protected] mkdir -p .ssh
The authenticity of host '192.168.178.66 (192.168.178.66)' can't be established.
ECDSA key fingerprint is SHA256:5hjRNiloYYdjgliSKTwIFc+1bVgTwBCkfT6nZ2Itu7w.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.178.66' (ECDSA) to the list of known hosts.
[email protected]'s password: YOUR PASSWORDIn the next step, we upload the SSH key to the target server using the command
cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'This will look something like this:
root@debian:~# cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
[email protected]'s password: YOUR PASSWORDNow we still set the access rights to avoid errors:
ssh [email protected] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"This might already work without a password now, if it doesn’t, assigning permissions will solve the problem.
Now we can log in to the remote computer without a password, for example with
ssh [email protected]Note: This text is copyrighted
Please send coffee donations to: 0xd0803A568615A18403C3722AC6dBb3202FD14034 (Ethereum)