# Linux - ssh without password
###### tags: `linux` `ssh`
```
# Manual Steps
1. create a key pair
   ssh-keygen -t rsa -N ""
2. copy ~/.ssh/id_rsa.pub to remote host ~/.ssh/authorized_keys
3. edit /etc/ssh/sshd_config and uncomment the lines below
   RSAAuthentication yes
   PubkeyAuthentication yes
   AuthorizedKeysFile .ssh/authorized_keys
4. restart sshd and you are done
   service sshd restart

!!! You may choose another key type. Modify step 1 and step 2:
   ssh-keygen -t dsa -N ""
   copy ~/.ssh/id_dsa.pub to host ~/.ssh/authorized_keys

!!! Old ssh versions that support only RSA version 1: modify step 1 and step 2:
   ssh-keygen -t rsa1 -N ""
   copy ~/.ssh/identity.pub to host ~/.ssh/authorized_keys

!!! You can use 'ssh-copy-id' to copy the public key to authorized_keys on the remote host

(1) ssh-keygen
root@node01:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
33:f3:0b:2a:bf:98:78:fd:ee:30:01:b8:22:e1:f3:f6 root@node01
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
|. . . |
|.. . . |
|oo. . S |
|..o . = |
| o .o . . |
| ..+o.+ . . |
| ..oE+=+ . |
+-----------------+

(2) ssh-copy-id
root@node01:~# ssh-copy-id root@node02
The authenticity of host 'node02 (10.10.10.2)' can't be established.
ECDSA key fingerprint is 42:59:d8:46:55:d5:51:7e:24:fc:7d:72:9b:1f:45:73.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node02's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node02'"
and check to make sure that only the key(s) you wanted were added.

root@node01:~#

!!! Add the server's host key (fingerprint) to your known_hosts file so that ssh logs in to the remote server without asking yes/no.

root@admin:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:d5:6e:64 brd ff:ff:ff:ff:ff:ff
    inet 192.168.124.100/24 brd 192.168.124.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fed5:6e64/64 scope link
       valid_lft forever preferred_lft forever

root@admin:~# ssh-keyscan -H 192.168.124.101 >> ~/.ssh/known_hosts
# 192.168.124.101 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
# 192.168.124.101 SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2

root@admin:~# cat ~/.ssh/known_hosts
|1|3NrXKx8Sne+syaWT4nP1iGmfDqY=|OKNyHXHhcRPzbWw5uULQTqE1aHw= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFpANWJQkv9YwkL5bghbxndmBi3YnXOq3HdGFVtTY2WCLfxlyyj0CWb2nR7XNu2eYus+xiNEKAc3HSFw+wj2we4=
|1|tO1VmVo7f5aPqJf+WZbs904WIYA=|J9rN6jdVrvhTzajKSaFa4YJq79Y= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlmHHgsyjY0E/RvBA2dg9t51T5jiF/rgVFwDsq/NBpym4zfLj4eLqmKnmpLFvdSOssyz5yIj0sqUQj9ilTuM3HlENAy6zISIm+rXiPgP4tt6PUBXYjauYbXeJfrVUorDnnS5Q62eCoL4VZQpqoOpsrmPvuOHv8DZ977TTwXcsJcgvlPufoPbxQxL+71fmltuP7FZzt8rPPHl7z4t5oNCjPAr3p+H/DQH9XOtizoUeYcTo7lZvgDZzCvhRD+MrYk/xZ8+6h5c48UUL8pFKD839J0cksZiN9Kfch6rU3+kk0ELKasTAq1FzTUr5Ir4bWGAzQyCiCHBrDbSgt+/udm0+L

root@admin:~# ssh 192.168.124.101
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Tue Mar 1 22:44:03 CST 2016

  System load:  0.0               Processes:           74
  Usage of /:   38.7% of 2.89GB   Users logged in:     1
  Memory usage: 5%                IP address for eth0: 192.168.124.101
  Swap usage:   0%

  Graph this data and manage this system at:
    https://landscape.canonical.com/

118 packages can be updated.
51 updates are security updates.

Last login: Tue Mar 1 22:44:03 2016 from 192.168.124.100
root@mon01:~#
```
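
`ssh-keyscan` records whatever key the network returns, so its output should be compared with a fingerprint read on the server itself before it is appended to `known_hosts`. The following is an added example, not part of the original notes: it computes the MD5 and SHA256 fingerprints of scanned keys and checks the hashed `|1|salt|hash` host field that `-H` produces. The host `192.0.2.10`, the salts and the key bytes are constructed sample data.

```python
import base64, hashlib, hmac, struct

def fingerprints(key_b64):
    """(MD5 colon-hex, SHA256 base64) fingerprints of a base64 public key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def hashed_host_matches(field, host):
    """True if a '|1|salt|hash' host field (ssh-keyscan -H) was derived from host."""
    parts = field.split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    salt, want = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), want)

def vet_scan(scan_output, host, trusted_fp):
    """Keep only scanned lines for host whose key fingerprint equals trusted_fp."""
    kept = []
    for line in scan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("#"):
            continue  # banner comments and blank lines
        if hashed_host_matches(fields[0], host) and trusted_fp in fingerprints(fields[2]):
            kept.append(line)
    return kept

# --- constructed sample data (not taken from the page) ---
def _sample_line(host, salt, raw_key):
    # SSH wire format: length-prefixed key type, then length-prefixed key bytes
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw_key))
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    field = "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())
    return "%s ssh-ed25519 %s" % (field, base64.b64encode(blob).decode())

GOOD = _sample_line("192.0.2.10", b"\x01" * 20, b"\xaa" * 32)   # key the admin expects
ROGUE = _sample_line("192.0.2.10", b"\x02" * 20, b"\xbb" * 32)  # a different key for the same host
TRUSTED_FP = fingerprints(GOOD.split()[2])[1]  # stands in for the value read on the server console

if __name__ == "__main__":
    scan = "# 192.0.2.10:22 SSH-2.0-OpenSSH_x\n" + GOOD + "\n" + ROGUE + "\n"
    for line in vet_scan(scan, "192.0.2.10", TRUSTED_FP):
        print(line)  # only these lines are safe to append to ~/.ssh/known_hosts
```

The MD5 form is the colon-separated style shown in the session above; the trusted value can be read on the server with `ssh-keygen -lf` against its host public key file.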