Public Key Authentication (Password Less SSH) on the Linux Systems
To create a key pair, use the ssh-keygen command. The ssh-copy-id command is next used to copy the public key over to the target server. In this article, you learn how to do the basic details on setting up the public key and Password Less SSH authentication between two Linux servers.
Public Key / Password Less SSH Authentication:
Many times Public key authentication is also referred as passwordless ssh.
Few scenarios where this passwordless ssh authentication can be used
- Automation Tools to work – such as Ansible
- Cluster Setups – Oracle RAC,VCS
- Infrastructure Management – jump servers
- Automated file transfers – FTP servers
Step 1. Generating the Keys on SourceServer:
Execute the following command on the source server to generate a private/public pair for key-based authentication.
Other optional features:
SourceServer# ssh-keygen [-b bits] [-t type] [-C comment]
Specifies the number of bits in the key to creating.
Specifies the type of key to create. Example “dsa”, “ecdsa” or “rsa”
When it ask whether you want to use a passphrase, press Enter to use the passphrase-less setup.
|Generating public/private rsa key pair. |
Enter file in which to save the key (/root/.ssh/id_rsa): Press Enter
Enter passphrase (empty for no passphrase): Press Enter
Enter same passphrase again: Press Enter
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
Step 2. Update Keys on Remote Host
Execute the following command on SourceServer to copy the public key to DestinationLocation(TargetServer)
command from SourceServer
# ssh-copy-id [email protected]
Execute the following command on SourceServer to edit the /etc/ssh/sshd_config file and set the following options:
Step 3. Testing the Public Key Authentication
Use the ssh-copy-id command to copy the public key you have just created over to Target Server. Now it will ask for the password on the remote server one last time.
Command from SourceServer
After copying the public key, verify that it can actually be used for authentication. To do this, type ssh “username”@targetserver. You should now authenticate without having to enter the password for the remote user account.
# ssh [email protected]
Also, watch the below video for better understanding about Public Key / Password Less ssh Authentication on Linux systems.