Site icon GetPageSpeed

CentOS SSH password-less login

It’s always nice to add more security to your CentOS SSH server while actually increasing the comfort of logging in remotely. Meet password-less login using public key authentication. Here is how to enable it.

The following instructions assume that you are connecting from a Linux or OS X client machine. The setup is quite quick: first, you generate a pair of private and public keys and then copy the public key over to remote server that you want to connect to. After this is done, you will not have to type password while logging in to an SSH session.

Now fire up your Terminal client app and prepare to run a few commands.

Generate identity file

This is the first step. All you need to do, is run:

ssh-keygen -t rsa

Simply type Enter for every prompt. As a result, you have your private/public keys located under your home .ssh subdirectory.

Copy identity file for use with CentOS SSH server using ssh-copy-id

This is the preferred way of enabling password-less SSH login. Command line tool ssh-copy-id is bundled with almost any Linux distribution. It will make sure that the copied file has correct permissions on server.

Note for OS X users

ssh-copy id is not there out of the box. Using HomeBrew is the preferred method to get it. Simply run brew install ssh-copy-id

ssh-copy-id -i ~/.ssh/id_rsa.pub root@domain.com

In case SSH daemon runs on a non-standard port, i.e. 2379:

ssh-copy-id -i ~/.ssh/id_rsa.pub "root@domain.com -p 2379"

Simply enter SSH password once, and you are done. Now you can ssh root@domain.com without being prompted for password.

Copy identity file for use with CentOS SSH server using cat

ssh root@domain.com 'mkdir -p ~/.ssh; chmod 700 ~/.ssh'
cat ~/.ssh/id_rsa.pub | ssh root@domain.com 'cat >> ~/.ssh/authorized_keys'
ssh root@domain.com 'chmod 600 ~/.ssh/*'
# This is required to be run for CentOS 6 SSH server
ssh root@domain.com 'restorecon -R -v ~/.ssh'

You will have to enter your SSH password a few times. Note that CentOS 6 server requires an additional command to be run in order to fix issues with SELinux. After you finish running these commands, you can login to SSH without typing password.

Exit mobile version