How to configure SSH public key authentication for passwordless login.
Environment
- Red Hat Enterprise Linux 6.x, 7.x, 8.x, 9.x
- SSH
Issue
- How to set up SSH public key authentication.
- How to set up password-less SSH login.
Resolution
1) Create a new SSH key pair using the ssh-keygen command.
- On your local machine, run the ssh-keygen command:
$ ssh-keygen
- When the prompt asks for a passphrase, press Enter without typing anything:
Enter passphrase (empty for no passphrase):
- By default, ssh-keygen creates an RSA key pair of 2048 bits if no options are specified. The default location is /home/<user>/.ssh/id_rsa and /home/<user>/.ssh/id_rsa.pub for the private and public key respectively.
- The -b option specifies the key size in bits, the -t option provides the type of key, and the -f option specifies the output files into which the private and public components of the key pair are to be stored.
- The following command creates an RSA key pair with a key size of 4096 bits and saves the private and public key in id_rsa and id_rsa.pub respectively in the $HOME/.ssh directory.
$ ssh-keygen -b 4096 -t rsa
- To store the key pair in a different location, use the -f option as follows:
$ ssh-keygen -b 4096 -t rsa -f $HOME/.ssh/id_rsa_key1
NOTE: The above command needs to be run on the source host from which login will be initiated.
2) Place the public key generated above into the authorized_keys file on the remote host.
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@host0.domain.com
This command copies the public key to the remote host, attempts to log in using the SSH key, and filters out keys that are already installed.
3) Verify the ownership and permissions of $HOME/.ssh and $HOME/.ssh/authorized_keys on the remote host.
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
$ chown -R <user>:<user> /home/<your_username>/.ssh
4) Log in to the remote host without being prompted for a password.
$ ssh root@host0.domain.com
Last login: Mon May 6 12:40:50 2019 from 10.64.1.98
[root@host0 ~]#
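A check for step 3, as an added example that is not part of the original article: it compares the mode and owner of the .ssh directory and authorized_keys on the remote host with the values set above. The function names are hypothetical, and stat -c assumes GNU coreutils, as shipped on RHEL.

```shell
#!/bin/sh
# Added example: audit the modes and ownership set in step 3.
# check_path and check_ssh_perms are hypothetical helper names.
# Assumes GNU stat (coreutils), as shipped on RHEL.

# check_path <path> <expected_octal_mode> <expected_uid>
check_path() {
    path=$1; want_mode=$2; want_uid=$3
    if [ -L "$path" ]; then
        # stat would report the link itself, not its target.
        echo "SYMLINK $path (inspect the target manually)"
        return 1
    fi
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    uid=$(stat -c '%u' "$path")
    bad=0
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE $path is $mode, expected $want_mode"
        bad=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER $path has uid $uid, expected $want_uid"
        bad=1
    fi
    return "$bad"
}

# check_ssh_perms <ssh_dir> [uid]   (uid defaults to the calling user)
# Returns 0 when both paths match 700/600 and the expected owner.
check_ssh_perms() {
    ssh_dir=$1
    owner_uid=${2:-$(id -u)}
    rc=0
    check_path "$ssh_dir" 700 "$owner_uid" || rc=1
    check_path "$ssh_dir/authorized_keys" 600 "$owner_uid" || rc=1
    return "$rc"
}

# Run the audit only when a directory is passed on the command line,
# e.g.: sh check_ssh_perms.sh "$HOME/.ssh"
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Run it on the remote host as the account that owns the key, or pass that account's numeric UID as the second argument.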