Example: If you want to login from serverA to serverB without password then you need to follow the step below.
First Login to Server-A and generate SSH keys using ssh-keygen command
[[email protected] /]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/justgeek/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/justgeek/.ssh/id_rsa.
Your public key has been saved in /home/justgeek/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [email protected]
The key's randomart image is:
| . ..oo..|
| . . . . .o.X.|
| . . o. ..+ B|
| . o.o .+ ..|
| ..o.S o.. |
| . %o= . |
| @.B... . |
| o.=. o. . . .|
| .oo E. . .. |
So you have successfully generated keys and now you need to copy public key to the remote host which you wish to login without password.
You need to append the key mentioned in /home/justgeek/.ssh/id_rsa.pub to server-b in the file /home/justgeek/.ssh/authorized_keys
So the file (/home/justgeek/.ssh/authorized_keys) on server-b will look something like this.
[[email protected]]$ cat /home/justgeek/.ssh/authorized_keys
ssh-rsa QFSJZPPFWWFa4sLrqXPNyY2gJWtef7ZBYFEc19sl6BjnhwMMRnBrcGX1JBlm3fWW8+DwmwrG73LEomYk5KZNKV1nCNjwhLCanmmZwv8R6TIOrMASV4aOIFvVWgYDlKfQsmqZFKQm2H5Pem7qUGdJ962I9ZeC8pqPwYPR2YMrWiffMBlBXfqhfjiZlxyhuPeBr2YwPEyPoJ1iSdMarG3HgbCTkcfYHn4L9RMLvN4wrgkN3n1b8ArR3JV7kg0IIvxAAYlTQaZtl0f70yLSSO0SI1ZTQryPC0hWCS5Uz5T12YtEC85ymYhA\4vOnKebfXhuCsiGiCY5zVWNfXBNdXcXyeUrqV9HyKtjHdpcH6iB7MNSiIRn5F74== [email protected]
Note: Key mentioned above is just an example, it’s not a real key.
Another, simple command to copy key to server-b is using ssh-copy-id
[[email protected] /]# ssh-copy-id [email protected]
[email protected]'s password:
X11 forwarding request failed on channel 0
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'server-b'"
and check to make sure that only the key(s) you wanted were added.
Bingo !! Now just do ssh [email protected] from server-a and password won’t be asked.