How to configure SSH public key authentication for passwordless login.

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux 6.x, 7.x, 8.x, 9.x
  • SSH

Issue

  • How to set up SSH public key authentication.
  • How to set up password-less SSH login.

Resolution

1) Create a new SSH key pair using the ssh-keygen command.

  1. On your local machine, run the ssh-keygen command:

    $ ssh-keygen

  2. When prompted for a passphrase, press Enter without typing anything. An empty passphrase leaves the private key unencrypted on disk, which is what allows the login to proceed with no prompt at all:

    Enter passphrase (empty for no passphrase):

  • By default, ssh-keygen creates an RSA key pair of 2048 bits if no options are specified. The default locations are /home/<user>/.ssh/id_rsa for the private key and /home/<user>/.ssh/id_rsa.pub for the public key.

  • The -b option specifies the key size in bits, the -t option specifies the type of key, and the -f option specifies the output files in which the private and public components of the key pair are stored.

  • The following command creates an RSA key pair with a key size of 4096 bits and saves the private and public keys as id_rsa and id_rsa.pub respectively in the $HOME/.ssh directory.

    $ ssh-keygen -b 4096 -t rsa
    
  • To store the key pair in a different location, use the -f option as follows:

    $ ssh-keygen -b 4096 -t rsa -f $HOME/.ssh/id_rsa_key1
    

NOTE: The above command needs to be run on the source host from which login will be initiated.

2) Place the public key generated above into the authorized_keys file on the remote host.

$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@host0.domain.com

This command copies the public key to the remote host, attempts to log in using the SSH key, and filters out keys that are already installed.

3) Verify the ownership and permissions of $HOME/.ssh and $HOME/.ssh/authorized_keys on the remote host.

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
$ chown -R <user>:<user> /home/<user>/.ssh

4) Log in to the remote host without being prompted for a password.

$ ssh root@host0.domain.com
Last login: Mon May  6 12:40:50 2019 from 10.64.1.98
[root@host0 ~]#
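
The check from step 3 as a script, added here as an example and not part of the original solution: sshd's StrictModes setting (on by default) makes it check file modes and ownership before accepting a key, so this audits both paths against the values above. The function names check_one and check_ssh_perms are hypothetical, and GNU stat (as shipped on RHEL) is assumed.

```shell
#!/bin/sh
# check_one PATH KIND MODE UID: compare one path against the expected
# type (d or f), octal mode and numeric owner. Prints findings, returns 0/1.
check_one() {
    target=$1 kind=$2 want_mode=$3 want_uid=$4
    if [ ! -e "$target" ]; then
        echo "MISSING  $target"
        return 1
    fi
    if { [ "$kind" = d ] && [ ! -d "$target" ]; } ||
       { [ "$kind" = f ] && [ ! -f "$target" ]; }; then
        echo "BADTYPE  $target"
        return 1
    fi
    bad=0
    mode=$(stat -c '%a' "$target")   # octal mode, e.g. 700
    uid=$(stat -c '%u' "$target")    # numeric owner
    if [ "$mode" != "$want_mode" ]; then
        echo "BADMODE  $target is $mode, expected $want_mode"
        bad=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "BADOWNER $target is uid $uid, expected uid $want_uid"
        bad=1
    fi
    return "$bad"
}

# check_ssh_perms HOME_DIR [UID]: audit the two paths from step 3.
check_ssh_perms() {
    home_dir=$1
    want_uid=${2:-$(id -u)}   # assumption: default to the invoking user
    rc=0
    check_one "$home_dir/.ssh" d 700 "$want_uid" || rc=1
    check_one "$home_dir/.ssh/authorized_keys" f 600 "$want_uid" || rc=1
    if [ "$rc" -eq 0 ]; then
        echo "OK       $home_dir/.ssh"
    fi
    return "$rc"
}

# Run directly as: sh check_ssh_perms.sh /home/<user> <uid>
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Run it on the remote host as the account owner, or as root with the account's numeric UID as the second argument.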

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.