Password-free authentication for SSH

Source: Internet
Author: User

SSH login with no password to use the public and private keys. Linux can be used to generate a public/private key pair with Ssh-keygen, below I take CentOS as an example.

Note: If the root user cannot log in, the SELinux and firewall will be turned off.

There is machine A (, B ( Now want to a through SSH password-free login to B.

First, take the root account login as an example.

1. Generate a public/private key pair under the a machine.

[[email protected] ~]# ssh-keygen-t rsa-p '

-P for the password,-p ' means the empty password, you can not use the-p parameter, so that three cars to enter, with-P on a return.

The command will generate a pair of keys Id_rsa and under the/root/.ssh directory.

The RSA key for SSH is generally used:

Id_rsa private Key Public Key

The following command produces different types of keys

Ssh-keygen-t DSA


Ssh-keygen-t RSA1

2. Copy the/root/.ssh/ under the a machine into the/root/.ssh/authorized_keys file of the B machine, first create a good/root/.ssh directory on the B machine and copy it with SCP.

[Email protected] ~]# scp/root/.ssh/ [email Protected]:/root/.ssh/authorized_keys

[email protected] ' s password: 100% 223 0.2kb/s 00:00

Since there is no password-free login, enter the root password of machine B once.

3.authorized_keys's Permission if!!!

[Email protected] ~]# chmod 600/root/.ssh/authorized_keys

4.A Machine login B machine.

[Email protected] ~]# ssh-l root

The authenticity of host ' ( ' can ' t be established.

RSA key fingerprint is 00:a6:a8:87:eb:c7:40:10:39:cc:a0:eb:50:d9:6a:5b.

Is you sure want to continue connecting (yes/no)? Yes

warning:permanently added ' ' (RSA) to the list of known hosts.

Last Login:thu Jul 3 09:53:18 from root

[Email protected] ~]#

The first time you log in is when you want to enter Yes.

Now a machine can be no password login B machine.

Summary: Log on the machine can have a private key, the machine to be logged on to have the public key of the machine. This public/private key pair is typically generated on the private key host. Above is the RSA algorithm's public/private key pair, of course, you can also use DSA (the corresponding file is id_dsa,

Want to let A, B machine without password mutual login, that machine is configured in the same manner as above.

The use of Ssh-keygen

Suppose A is a customer machine and B is the target machine;

To achieve the purpose:

A machine SSH login B machine does not need to enter a password;

Encryption mode RSA|DSA can be selected, the default DSA


1. Log In a machine

2, Ssh-keygen-t [RSA|DSA], will generate a key file and a private key file id_rsa, or id_dsa,

3. Copy the. pub file to the. SSH directory of the B machine, and cat >> ~/.ssh/authorized_keys

4, finished, from a machine login B machine's target account, no longer need password;

Ssh-keygen do password verification to enable SSH to the other machine, the SCP does not use the password.

Here's how:


Then all returns, with default values.

This generates a pair of keys that are stored under the ~/.ssh of the user directory.

Test the public key into the user directory of the other machine and copy it into the ~/.ssh/authorized_keys.

Be sure that both SSH and Authorized_keys have write permissions for the user. Otherwise, validation is not valid. (Today is the problem, looking for a long time the problem), in fact, think carefully, this is done so as not to appear system vulnerabilities.

This article is from the "Technology First" blog, please be sure to keep this source

Password-free authentication for SSH

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.