Overview
ssh passwordless login is done using a public/private key pair. The private key is kept on the system you want to log in from; the public key is copied to the system and user you want to log in to.
Setup procedure
- Generate a public/private key pair following the procedure on ssh key generation.
- Copy the public key to the system and user you want to log in to, adding it to the user's ~/.ssh/authorized_keys file. If the file does not exist, create it and set the permissions to read and write for the user only (rw-------).
- For passwordless login as root to work, /etc/ssh/sshd_config on the system you want to log in to must have "PermitRootLogin without-password".
Usage
ssh <username>@<host>
If username is not specified, it defaults to the current user name.
Examples:
ssh root@backupserver
ssh backupserver
ssh bl@192.168.28.2
Gotcha: the first time such a command is used for a particular host, ssh prompts interactively for confirmation to proceed. When confirmation is given, it adds the host to ~/.ssh/known_hosts. Thereafter there is no such interactive prompt. If the passwordless login is to be used from a script, it needs to be done manually the first time or the script will hang.
If you prefer a password-protected key or want to "hop" from system to system, SSH Agent Forwarding is helpful.
Problem analysis
The ~/.ssh directories must have 700 permissions, for example:
root@ac001.blue:~# ls -ld .ssh
drwx------ 2 root root 4096 Feb 5 10:24 .ssh
If the identity_file is not specified on the ssh command (common), has it been added to the ssh agent? This command lists what has been added:
ssh-add -l
If an identity_file has been added, is its corresponding public key in the server's ~/.ssh/authorized_keys file for the user you are trying to log in as?
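The server-side checks above (directory mode 700, authorized_keys mode rw-------, public key present) can be run as one script. This is an added example, not part of the original page; the function names check_passwordless and mode_of, their arguments and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: run on the system you want to log in to.
# Usage (hypothetical paths): check_passwordless /root /tmp/id_ed25519.pub
# Prints one line per finding; returns 0 only if every check passes.

# Octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

check_passwordless() {
    home=$1 pub=$2 rc=0
    dir=$home/.ssh
    ak=$dir/authorized_keys

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"; return 1
    fi
    m=$(mode_of "$dir")
    if [ "$m" != 700 ]; then
        echo "FAIL: $dir has mode $m, expected 700"; rc=1
    fi

    if [ ! -f "$ak" ]; then
        echo "FAIL: $ak does not exist"; return 1
    fi
    m=$(mode_of "$ak")
    if [ "$m" != 600 ]; then
        echo "FAIL: $ak has mode $m, expected 600"; rc=1
    fi

    # A public key line is "type base64-blob comment". Compare the blob only,
    # because an authorized_keys entry may carry options and another comment.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$ak"; then
        echo "FAIL: key from $pub is not in $ak"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: permissions and key entry look right"
    return "$rc"
}
```

Copy the public key file (never the private key) to the server to use as the second argument.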
If the above check list has not identified the problem, generate more information by:
- Tailing the ssh server's /var/log/auth.log file while retrying the failing ssh command.
- Using ssh's -v option. It can be used up to three times for greater verbosity.
Still stuck? Update this page when you find a solution!