3 Steps to Perform Passwordless SSH Login Using ssh-keygen and ssh-copy-id
As explained in this article, we can use ssky-keygenand ssh-copy-idto log in to a remote Linux server without a password in 3 simple steps.
ssh-keygenCreate public and private keys. ssh-copy-idCopy the local host's public key to the remote host's authorized_keys file. ssh-copy-idAlso create a private key for the remote host's home ,/.ssh** and**/.ssh/authorized_keys** has appropriate permissions assigned.
This article also explains ssh-copy-id3 minor annoyances of using and how to use ssh-copy-idwith ssh-agent.
Step 1: Create public and private keys using ssh-key-gen on your local host
迹忆客@jiyik.com-local$ [Note: You are on jiyik.com-local here]
迹忆客@jiyik.com-local$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jiyik/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jiyik/.ssh/id_rsa.
Your public key has been saved in /home/jiyik/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 迹忆客@jiyik.com-local
Step 2: Copy the public key to the remote host using ssh-copy-id
迹忆客@jiyik.com-local$ ssh-copy-id -i ~/.ssh/id_rsa.pub jiyik.com-remote
迹忆客@jiyik.com-local's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
注意:ssh-copy-id Append the key to the remote host's .ssh/authorized_key .
Step 3: Log in to the remote host without entering a password
迹忆客@jiyik.com-local$ ssh jiyik.com-remote
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]
迹忆客@jiyik.com-remote$ [Note: You are on remote-host here]
In most cases, the above 3 simple steps should get the job done.
We have also previously discussed in detail SSH and SCP from openSSH to openSSH without entering a password .
If you are using SSH2, we have previously discussed performing SSH and SCP without a password from SSH2 to SSH2 , from OpenSSH to SSH2 , and from SSH2 to OpenSSH .
Using ssh-copy-id with ssh-add/ssh-agent
If no value is passed
for option -i and if ~/.ssh/identity.pub is not available, then ssh-copy-idthe following error message will be displayed.
迹忆客@jiyik.com-local$ ssh-copy-id -i jiyik.com-remote
/usr/bin/ssh-copy-id: ERROR: No identities found
If you have ssh-addloaded the key into using ssh-agent, ssh-copy-idwill fetch the key from to copy to the remote host. That is, when option -issh-agent is not passed to , it copies the key provided by the command to the remote host.ssh-copy-idssh-add -L
迹忆客@jiyik.com-local$ ssh-agent $SHELL
迹忆客@jiyik.com-local$ ssh-add -L
The agent has no identities.
迹忆客@jiyik.com-local$ ssh-add
Identity added: /home/jiyik/.ssh/id_rsa (/home/jiyik/.ssh/id_rsa)
迹忆客@jiyik.com-local$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jiyik/.ssh/id_rsa
迹忆客@jiyik.com-local$ ssh-copy-id -i jiyik.com-remote
迹忆客@jiyik.com-remote's password:
Now try logging into the machine, with "ssh 'jiyik.com-remote'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[Note: This has added the key displayed by ssh-add -L]
Three small troubles of ssh-copy-id
Here are some minor issues with ssh-copy-id.
-
Default public key :
ssh-copy-idUse ~/.ssh/identity.pub as the default public key file (i.e. when no value is passed to option -i ). Instead, I want it to use id_dsa.pub , id_rsa.pub , or identity.pub as the default key. i.e. if any of those exist, it should copy it to the remote host. If two or three exist, it should copy identity.pub by default . -
The agent has no identities : When
ssh-agentis running andssh-add -Lreturns " The agent has no identities " (i.e. nossh-agentkeys were added to ), the authorized_keysssh-copy-identry that sends the message "The agent has no identities" to the remote host will still be replicated . -
Duplicate entries in authorized_keys : I wish
ssh-copy-idto verify duplicate entries on a remote host's authorized_keys. If executed multiple times on the local hostssh-copy-id, it will continue to append the same key on the remote host's authorized_keys file without checking for duplicates. Everything works as expected even with duplicate entries. However, I would like to keep my authorized_keys file cluttered.
For reprinting, please send an email to 1244347461@qq.com for approval. After obtaining the author's consent, kindly include the source as a link.
Related Articles
How to use the Linux file remote copy command scp
Publish Date:2025/04/08 Views:151 Category:OPERATING SYSTEM
-
Scp copies files between two hosts over the network, and the data is encrypted during transmission. Its underlying layer uses ssh for data transmission. And it has the same authentication mechanism and the same security level as ssh. When u
Linux server svn remote code synchronization
Publish Date:2025/04/08 Views:79 Category:OPERATING SYSTEM
-
In the article "Building SVN Service Project and Synchronizing Code to Project Directory" , we briefly introduced how to use SVN to synchronize submitted code to the working directory. But there is a problem here, that is, the SVN service a
SSH key-based authentication setup from openSSH to SSH2
Publish Date:2025/04/07 Views:128 Category:OPERATING SYSTEM
-
Previous articles ( openSSH to openSSH setup , SSH2 to SSH2 setup ) explained how to set up key-based authentication on the same version of ssh to perform ssh and scp without entering a password. This article explains how to set up SSH key-
SSH2 key-based authentication setup
Publish Date:2025/04/07 Views:78 Category:OPERATING SYSTEM
-
I have previously explained how to perform SSH and SCP on openSSH without entering a password . In this article, I will explain how to set up key-based authentication on SSH2 and perform SSH/SCP without entering a password using the followi
SSH and SCP without password on openSSH
Publish Date:2025/04/07 Views:61 Category:OPERATING SYSTEM
-
SSH key-based authentication has two levels of security. In order for us to log in, we need both the private key and the password. Even if one of them is compromised, the attacker still won’t be able to log into our account because both o
How to SSH and SCP from SSH2 to OpenSSH without a password
Publish Date:2025/04/07 Views:195 Category:OPERATING SYSTEM
-
In our previous article, we discussed how to set up ssh key-based authentication to perform ssh and scp without a password in the following three scenarios: OpenSSH to OpenSSH OpenSSH to SSH2 SSH2 to SSH2 In this article, I will explain how
How to Set Up a Reverse SSH Tunnel on Linux
Publish Date:2025/04/07 Views:197 Category:OPERATING SYSTEM
-
Reverse SSH is a technique that can be used to access a system (behind a firewall) from the outside. As we all know, SSH is a network protocol that supports encrypted communication between network nodes. Using this protocol, we can do secur
Linux iptables: How to add firewall rules (taking SSH as an example)
Publish Date:2025/04/07 Views:193 Category:OPERATING SYSTEM
-
This article explains how to iptables -A add iptables firewall rules using the (append) command. -A for appending. If it makes it easier for us to remember -A as adding rules (rather than appending rules), then that's fine. However, remembe
Linux iptables: Incoming and Outgoing Rules Example (SSH and HTTP)
Publish Date:2025/04/07 Views:125 Category:OPERATING SYSTEM
-
In our previous article in the iptables firewall series, we reviewed how to iptables -A add firewall rules using . We also explained how to allow incoming SSH connections. At a high level, it involves the following 3 steps. Delete all exist
