Overview

ssh passwordless login is done using a public/private key pair.  The private key is kept on the system you want to log in from; the public key is copied to the system and user you want to log in to.

Setup procedure

  1. Generate a public/private key pair following the procedure on ssh key generation
  2. Copy the public key to the system and user you want to log in to, adding it to the user's ~/.ssh/authorized_keys file.  If the file does not exist, create it and set the permissions to read and write for the user only (rw-------).
  3. For passwordless login as root to work, /etc/ssh/sshd_config on the system you want to log in to must have "PermitRootLogin without-password".

Usage

ssh <username>@<host>

If username is not specified, it defaults to the current user name.

Examples:

ssh root@backupserver
ssh backupserver
ssh bl@192.168.28.2

Gotcha: the first time such a command is used for a particular host, ssh prompts interactively for confirmation to proceed.  When confirmation is given, it adds the host to ~/.ssh/known_hosts.  Thereafter there is no such interactive prompt.  If the passwordless login is to be used from a script, it needs to be done manually the first time or the script will hang.

If you prefer a password-protected key or you want to "hop" from system to system, SSH Agent Forwarding is helpful.

Problem analysis

The ~/.ssh directories must have 700 permissions, for example:

root@ac001.blue:~# ls -ld .ssh
drwx------ 2 root root 4096 Feb 5 10:24 .ssh

If the identity_file is not specified on the ssh command (common), has it been added to the ssh agent?  This command lists what has been added:

ssh-add -l

If an identity_file has been added, is its corresponding public key in the server's ~/.ssh/authorized_keys file for the user you are trying to log in as?
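
The server-side items of this check list (directory mode, authorized_keys mode, and whether the public key is present) can be checked in one pass on the system you log in to. The shell function below is an added example, not part of the original page; the names check_ssh_dir and mode_of are hypothetical, and it tests for exactly the modes this page states (700 and rw-------, i.e. 600).

```shell
#!/bin/sh
# Added example (not from the original page): server-side checks from the list above.
# Usage: check_ssh_dir <ssh_dir> <public_key_file>
# Prints one line per check; returns 0 only if every check passes.

mode_of() {
    # GNU stat first, BSD/macOS stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_ssh_dir() {
    ssh_dir=$1 pubkey=$2 rc=0
    auth="$ssh_dir/authorized_keys"

    if [ ! -d "$ssh_dir" ]; then
        echo "FAIL: $ssh_dir does not exist"
        return 1
    fi
    m=$(mode_of "$ssh_dir")
    if [ "$m" = 700 ]; then
        echo "ok:   $ssh_dir has mode 700"
    else
        echo "FAIL: $ssh_dir has mode $m, expected 700"
        rc=1
    fi

    if [ ! -f "$auth" ]; then
        echo "FAIL: $auth does not exist"
        return 1
    fi
    m=$(mode_of "$auth")
    if [ "$m" = 600 ]; then
        echo "ok:   $auth has mode 600"
    else
        echo "FAIL: $auth has mode $m, expected 600"
        rc=1
    fi

    # Compare key type and base64 blob only: the trailing comment may differ,
    # and an authorized_keys line may carry options before the key type.
    blob=$(awk 'NF>=2 {print $1 " " $2; exit}' "$pubkey")
    if [ -n "$blob" ] && grep -qF -- "$blob" "$auth"; then
        echo "ok:   key from $pubkey is present in $auth"
    else
        echo "FAIL: key from $pubkey not found in $auth"
        rc=1
    fi
    return $rc
}
```

Run it as the user you are trying to log in as, passing that user's .ssh directory and a copy of the client's public key file.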

If the above check list has not identified the problem, generate more information by:

Specific auth.log error messages

Still stuck?  Update this page when you find a solution.