VOOZH about

URL: https://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/

⇱ How to Setup SSH Passwordless Login in Linux

Skip to content

SSH (Secure SHELL) is an open-source and trusted network protocol that is used to log in to remote servers for the execution of commands and programs.

It is also used to transfer files from one computer to another computer over the network using a secure copy (SCP) command and rsync command.

In this article, we will show you how to set up password-less login on RHEL-based Linux distributions such as CentOS, Fedora, Rocky Linux & AlmaLinux, and Debian-based distributions such as Ubuntu & Mint using ssh keys to connect to remote Linux servers without entering a password.

Using Password-less login with SSH keys will increase the trust between two Linux servers for easy file synchronization or transfer.

My Setup Environment
SSH Client : 192.168.0.12 ( Fedora 36 )
SSH Remote Host : 192.168.0.11 ( CentOS 8 )

If you are dealing with several Linux remote servers, then SSH Password-less login is one of the best ways to automate tasks such as automatic backups with scripts, synchronization files using the SCP command, and remote command execution.

In this example, we will set up SSH password-less automatic login from server 192.168.0.12 as user tecmint to 192.168.0.11 with user sheena.

Step 1: Create Authentication SSH-Keygen Keys on – (192.168.0.12)

First login into server 192.168.0.12 with user tecmint and generate a pair of public keys using the following command.

$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecmint/.ssh/id_rsa): [Press enter key]
Created directory '/home/tecmint/.ssh'.
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /home/tecmint/.ssh/id_rsa.
Your public key has been saved in /home/tecmint/.ssh/id_rsa.pub.
The key fingerprint is:
5f:ad:40:00:8a:d1:9b:99:b3:b0:f8:08:99:c3:ed:d3 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| ..oooE.++|
| o. o.o |
| .. . |
| o . . o|
| S . . + |
| . . . o|
| . o o ..|
| + + |
| +. |
+-----------------+

👁 Create SSH RSA Key

Step 2: Upload SSH Key to – 192.168.0.11

Use SSH from server 192.168.0.12 and upload a newly generated public key (id_rsa.pub) on server 192.168.0.11 under sheena‘s .ssh directory as a file name authorized_keys.

$ ssh-copy-id [email protected]

Make sure that the correct permissions are set on the ~/.ssh directory and the ~/.ssh/authorized_keys file on the remote server.

$ ssh [email protected] "chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"

Step 3: Disable Password Authentication (Optional)

For increased security, you can disable password authentication on the remote server and only allow SSH key authentication. To do this, open the SSH server configuration file on the remote server:

$ sudo nano /etc/ssh/sshd_config
OR
$ sudo vi /etc/ssh/sshd_config

Find the line containing PasswordAuthentication and set it to no.

PasswordAuthentication no

Save the file and restart the SSH service.

$ sudo systemctl restart sshd

Step 4: Test SSH Passwordless Login from 192.168.0.12

From now onwards you can log into 192.168.0.11 as a sheena user from server 192.168.0.12 as a tecmint user without a password.

$ ssh [email protected]

👁 SSH Remote Passwordless Login

In this article, you’ve learned how to set up an SSH Passwordless login using an ssh key. I expect that the process was straightforward. If you have any questions, please post them in the comment section below.

If this article helped, share it with someone on your team.
TecMint Weekly Newsletter
Get the Learn Linux 7 Days Crash Course free when you join 34,000+ Linux professionals reading every Thursday.
Check your email for a magic link to get started.
Something went wrong. Please try again.
TecMint has been free for 14 years. Help keep it that way.
Google AI Overviews and tools like ChatGPT have cut into search traffic for independent tech sites like TecMint. Running this site costs over $2,000 every month for hosting, infrastructure, and paying authors to keep the content accurate and tested.

If this article helped you solve a problem, consider buying a coffee. It helps keep TecMint free, supports the authors, and keeps the project going.
☕ Buy Me a Coffee
Ravi Saive
I'm Ravi Saive, an award-winning entrepreneur and founder of several successful 5-figure online businesses, including TecMint.com, GeeksMint.com, UbuntuMint.com, and the premium learning hub Pro.Tecmint.com.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

282 Comments

Leave a Reply

  1. nice write up. !

    Why not use ed25519 (elliptic curve) as key type?

    Reply

  2. Good one! Worked like a charm on CentOS 7.

    Reply

  3. This also worked for connecting my MacBook air to my ubuntu media server.

    Reply

  4. Thank you for this one. It really helps me in doing SSH public key.

    Reply

  5. This setup is for one id. how can we set it up for all users?

    Reply

  6. Doesn’t a passwordless login compromise security?

    Reply

    • @Dragonmouth,

      Passwordless authentication is safe, secure, and easy to use, as it reduces attack vectors by eliminating password management practices…

      Reply

  7. It was really helpful. You saved my day. Thanks :)

    Reply

  8. ssh root@IPaddress
    root@IPaddress’s password:
    Permission denied, please try again.
    root@IPaddress’s password:
    Permission denied, please try again.
    root@IPaddress’s password:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,hostbased).

    The problem is I tried the methods related to public key generation. But no matter I do what it always keeps asking for a password and my permission gets denied.
    All conventional methods have failed.
    Need urgent help.

    Reply

    • Step 1: ssh-keygen -t rsa

      Step 2: ssh root@IPaddress mkdir -p .ssh

      root@IPaddress’s password:
      Permission denied, please try again.
      root@IPaddress’s password:
      Permission denied, please try again.
      root@IPaddress’s password:
      Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,hostbased).

      Please help. It’s urgent

      Reply

  9. Hey,

    I’m just copy-paste for the same command. But it’s asking password!

    Please guide me for the same :

    SSH Client : 10.10.10.4
    SSH Remote Host: 10.10.10.5

    Step 1: Create Authentication SSH-Keygen Keys on – (10.10.10.4)

    [[email protected] ~]$ ssh-keygen -t rsa

    Step 2: Create .ssh Directory on – 10.10.10.5 

    [tecmint@tecmint ~]$ ssh [email protected] mkdir -p .ssh

    Step 3: Upload Generated Public Keys to – 10.10.10.5 

    [tecmint@tecmint ~]$ cat .ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'

    Step 4: Set Permissions on – 10.10.10.5

    [tecmint@tecmint ~]$ ssh [email protected] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

    Step 5: Login from 10.10.10.4 to 10.10.10.5 Server without Password

    [tecmint@tecmint ~]$ ssh [email protected]

    CRDB@Consul-Server1:/root$ ssh [email protected].5
    [email protected].5’s password:

    Thanks
    Raj

    Reply

    • Hi, I was in the same situation, but I make the next simple and more natural steps (from an SSH perspective)

      After you create keygen, make:

       
$ ssh-add id_rsa

      So the server print: “Identity added: (id_rsa)”.

      next 

      $ ssh-copy-id [email protected]

      System request the CRDB password and later the server print: “Number of keys (s) added: 1”

      finally, you can do:

      $ ssh [email protected]

      Also, you must check the /eth/ssh/sshd_config in your remote server (in your case 10.10.10.5) and set the next values :

      PermitRootLogin yes #only if you will be use root user
PubkeyAuthentication yes # required yes
PasswordAuthentication yes # you can set to NO when requires only SSH passwordless, and check that works fine, but also check after closing any terminal because can close any access!!
UsePAM yes # required

      When making any change over ssh, will need to restart ssh service in your remote server:

      $ sudo service sshd restart
OR
$ sudo systemctl restart sshd

      Regards!
      Juan

      Reply

  10. Really good site, thank you so much for your time in writing the posts.

    Reply

  11. Thank you so much for this very good explanation.

    I searched multiple sites till I got here.

    My issue resolved.

    Reply

  12. I have set the passwordless login, but after login, I have run the script in mid-time connection is closed. Where can set the timings for these connections?

    Reply

    • You can try using the option “ConnectTimeout” with -o as like.

      # ssh -o ConnectTimeout=10 root@target
      Reply

  13. That is a wonderful article explaining passwordless authentication Ravi. I had been looking for something just like this.

    Passwords are out there on their way. Many individuals are already comfortable with being authenticated without a password, such as using FaceID on iOS or scanning a fingerprint on Android, and organizations are gradually moving to passwordless authentication; a way to prove the identity of an online user for enhanced security purposes using an alternate factor other than a password.

    I read a similar article about the same, the link of which I am sharing here: https://www.loginradius.com/blog/start-with-identity/2019/10/passwordless-authentication-the-future-of-identity-and-security/

    I’ll be sharing your article with my friends and colleagues. Till then keep up the good work Ravi :)

    Reply

  14. This is a command to copy the key to server:

    $ ssh-copy-id -i ~/.ssh/mykey user@host
    Reply

    • Typo: comment -> command

      Reply

  15. $ cat ~/bins/makessh1

    ssh $@ mkdir -p .ssh
    cat ~/.ssh/id_rsa.pub | ssh $@ ‘cat >> .ssh/authorized_keys’
    ssh $@ “chmod 700 .ssh; chmod 640 .ssh/authorized_keys”

    Reply

  16. Thanks, very useful article…

    Reply

  17. It works perfectly for me.

    Allow user agent on local/client host to ssh remote server ([email protected]) without a password.

    1. Create Authentication SSH-Keygen Keys on client.
      2. $ ssh-keygen -t rsa
    2. Create .ssh Directory on the remote server.
      3. $ ssh [email protected] mkdir -p .ssh
    3. Upload Generated Public Keys to remote server.
      4. $ cat /u/ainet/.ssh/id_rsa.pub | ssh [email protected] 'cat >> .ssh/authorized_keys'
    4. Set Permissions on remote server.
      5. $ ssh [email protected] "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
    5. Test passwordless ssh connection.
      6. $ ssh [email protected]
    Reply

  18. How do i undo this?

    Reply

    • @Lee,

      Just remove .ssh directory from both the machine…

      Reply

  19. Thanks for nice article

    Reply

  20. A perfect article helped me to set up on my Linux server.

    Reply

  21. Thanks,

    It worked and very useful.

    Reply

  22. Hi Ravi,

    Wonderful post! Thank you! I have a question. I would like to be able to do this for multiple devices (say ssh from a Linux computer into multiple Raspberry Pi computers) When I try to do this for another Pi device, the previous one is forgotten. How can I use what you are showing here for multiple devices?

    Reply

    • @Vincent,

      Create one Authentication SSH-Keygen Keys on your Linux server, and upload the Generated Public Key to multiple remote machines under .ssh directory.

      Reply

  23. Will these authorized_keys files be not expired even after patch deployment server restarts? Can you please reply to this?

    Reply

    • @Revathi,

      No these SSH authorized_keys files never expire and remain the same even after update or upgrade of server to newer releases…

      Reply

  24. Step 2 seems to be misleading, since creating a directory on the server is not feasible w/o this step ssh-copy-id [email protected].

    Reply

    • Step 2 assumes there isn’t already an ssh directory on the server.

      ssh-copy-id‘ is a shell script that will perform steps 2 and 3, but it is not present on every Linux device.

      Following the instruction in step 2 will work in any case.

      Reply

  25. Thank you, it is very useful.

    Reply

  26. how to make password less ssh connectivity for sudo user/passwd

    Reply

  27. I am sorry, but this did not work. The key clearly did not do the needful, and SSH had to proceed to password.

    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/rajarshi/.ssh/id_rsa RSA SHA256:fRkni96PqvRcjzDxjSKhLnNaCazOdOgTFzsKliz7fas
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
    debug1: Trying private key: /home/rajarshi/.ssh/id_dsa
    debug1: Trying private key: /home/rajarshi/.ssh/id_ecdsa
    debug1: Trying private key: /home/rajarshi/.ssh/id_ed25519
    debug1: Trying private key: /home/rajarshi/.ssh/id_xmss
    debug1: Next authentication method: password

    Reply

  28. Very helpful article..

    Reply

  29. I’m getting the error “Permission denied (publickey).” I have pasted the public key in /home/ubuntu/.ssh/authorized_keys the server. But while establishing the connection, I’m getting the error.

    Reply

    • Try: chmod 600 ~/.ssh/authorized_keys

      It should work

      Reply

  30. If you are getting prompted for SSH password then you missed a step :)

    Make sure that you save the id_rsa.pub (the public key) into the keys folder of the user that you wish to SSH into.

    So for example, if you want to SSH as root, then you need the key stored in /root/.ssh/authorized_keys.

    If you want to ssh as ‘yourname‘ then it will be /home/yourname/.ssh/authorized_keys.

    To set this up, you first need to SSH into the destination with username/password combination. Now you’re in, you can copy the ssh public key into the right location. This is why you see “enter your password here” above.

    Reply

  31. Really awesome article, thank you very much.

    Reply

  32. what is the password used in ENTER YOUR PASSWORD section

    Reply

    • YOUR PASSWORD” – all capitals. Easy to remember.

      Reply

  33. Thanks. It works in one go, without any error.

    Reply

  34. I’ve followed your very useful and detailed tutorial line for line but still get prompted for a password each time I ssh into the remote host. Are there any settings in ssh_config or sshd_config that need updating following this?

    Reply

    • same issue here using Redhat 6.9

      Reply

    • @RF and @AliAhmed

      Try this:

      On the machine where the ‘authorized_keys‘ file resides, set proper permissions for the directory .ssh and the file.

      # chmod 700 ~/.ssh/
# chmod 600 ~/.ssh/authorized_keys

      Then, to test:

      In the SSHD config file: */etc/ssh/sshd_config*

      Disable PasswordAuthentication directive
PasswordAuthentication no

      Save, reload/restart sshd deamon.

      This should solve the prompting password field.

      Good luck.

      Reply

  35. The best and clear explanation ever. Thanks for doing this and keep it up with this excellent articles

    Reply

    • Hi,
      A very simple explanation with all descriptive steps. I win in the first attempt
      Thanks for your efforts in this article.

      Reply

  36. awesome document about the remote ssh setup….

    Reply

  37. Here’s a much easier way to do it.

    On the client: 

    $ ssh-keygen
$ ssh-copy-id [user]@[server-ip]

    Done!

    Reply

  38. Thanks, this worked like a charm!

    Reply

  39. I just learned recently that ssh has a simple command to automate the installation of the new public key on remote servers that does steps 2-4 automatically: ssh-copy-id.

    Reply

  40. Hey, how does it work if i want to shut-down 2 or more remote servers with this method, because when i try to do a 2nd remote then i can’t log into the 1st without password any more :(

    Reply

    • That doesn’t make sense to me. Do you mean that you are trying to shutdown machine c from machine b? Or are you trying to shut down both b and c from a

      Reply

    • Actually, I think you may be repeating the key gen step twice. Create the key once and copy to both targets.

      Reply

  41. Possible to update your publickey authentication method from ssh1 to ssh2 protocol-2 – as ssh1 is pretty much obsolete. As well proper use of ssh-keygen to generate higher value key-types for better ssh security!

    Reply

  42. Good, Nice article and easy to understand. keep posted these kind of technical stuff. will help to new people who is new the environments.

    Reply

  43. This seems very complicated all you have to do is use the command ssh-copy-id user@hostname and it would copy that id into the users authorized host files and you can ssh without a password.

    Reply

  44. Thanks buddy, you explained this well. I liked your explanation and it was helpful to me in creating a passwordless ssh on my single node cluster. I’ll try similar steps on my multinode hadoop cluster.

    Reply

  45. This will work for same users (with the name) on different servers to login into each other user without password? for me its asking password again while I try to login

    Reply

    • i think you need to restart the sshd service

      Reply

      • yes, it works for both hosts using the same user account. The service does not need to be restarted

        Reply

  46. Hi,

    I have tried passwordless login and working fine from server A to server B. But reverse side it is not working and asking for password.

    Reply

    • @Joy,

      You need to setup same SSH Passwordless login on server B to A, to have passwordless login.

      Reply

  47. After this is done, can we login the client from the server w/o using password? What about doing this for multiple servers and clients?

    Thank you!

    Reply

    • @Lambert,

      If you have followed instructions correctly, yes you will able to login to remote server without password. For multiple SSH passwordless logins, follow the same instructions on each server.

      Reply

  48. Hello Ravi,

    This is because, if you check ssh config file.

    Default path for ssh authorized keys are in .ssh directory at you home directory.

    ————————————————————————–
    AuthorizedKeysFile .ssh/authorized_keys
    ————————————————————————–

    You can change path if you wish :)

    Reply

  49. why we are going to create a .ssh directory on client server?

    Reply

    • @Ravi,

      To store ssh key under this hidden .ssh directory, which is used to authenticate passwordless login.

      Reply

  50. After following above steps i’m unable to login for local host

    Reply

    • @Yasir,

      What error you getting while login to localhost using SSH?

      Reply

  51. After step 2, when I enter my password, I’ve been getting an error.

    stty: standard input: invalid argument

    Any comments on how to solve this?

    Reply

    • @Sai,

      I think you are using different shell other than Bash shell…

      Reply

  52. Any way to disable the typing animations? Even ebooks don’t have this. It in no way assists, just distracts & irritates.

    Oh – the info is great btw, worked a treat.

    Reply

  53. It would really be much easier to read your article if you used “source server” and “destination server” instead of IP addresses.

    Reply

  55. In step 1: “generate a pair of public keys”, it should be “generate a pair of public/private keys”.

    Reply

  56. Great tutorial! Very clear…I took 5 minutes to set up my computers

    Reply

  57. Great tutorial – best I’ve seen and I’ve been looking for a while. There are a couple of places where its not quite clear, for example “your password” presumably means you/me as root, but the reader might think its Sheen’s password (perhaps Sheena is the user/owner at the other end etc.. And if the destination machine has a different password presumably its for that machine for you/me and not the one for your/my source machine etc.

    Reply

  58. This is a great tutorial, nonetheless maybe it should be updated to learn folks how to generate even stronger RSA keys.

    Reply

  59. After the whole process I am not able to login without password.

    Reply

  60. Question: What happens if the users tecmint or sheena’s password are changed? Can sheena still log into 192.168.0.11 and then to server 192.168.0.12 as tecmint user without password to execute anything?

    Thank you.

    Reply

    • @Min,

      Yes, even after password change user able to login without any password, as SSH works on Key authentication.

      Reply

  61. Amazing tutorial, you really saved me!

    Reply

  62. Outstanding tutorial! thumb up!

    Reply

  63. Tried using the -copy-id but got the error message command does not exist.

    is it available in some newer vesrions

    Reply

    • ssh-copy-id is a binary from standard package named ‘openssh-client’. If you are using system newer that 2010 I guess you should have it :)

      Reply

  64. Ever heard of ssh-copy-id ? :) You can replace this whole tutorial to just two steps :)

    On machine from you login to other machine
    1. ssh-keygen -t rsa
    2. ssh-copy-id user@onthmachineyouwanttoconnect
    3. provide password and voilla – that’s it

    Reply

    • Interesting fact: the ssh-copy-id “binary” is actually a shell script located in the bin folder, marked executable. So, if you need to work with ssh servers that need to use (for instance) a port other than 22, you can edit the binary with a text editor.

      Reply

    • Great thanks, it is awesome :)

      Reply

  65. Awesome!!!! I spent about 6 hours on this.

    Reply

Got Something to Say? Join the Discussion... Cancel reply

Free Course
Get a free Linux course before you go.
Subscribe to TecMint Weekly and get the Learn Linux 7 Days Crash Course free. Read by 34,000+ Linux professionals every Thursday.
Check your email for a magic link to get started.