This tutorial teaches you how to set up SSH keys on Linux for passwordless authentication. In our lab, DNS already resolves locally, so we are going to use hostnames rather than IP addresses. IP addresses work in place of hostnames; alternatively, you can add the IPs and hostnames to each Linux machine's /etc/hosts file, but we will cover that in a different tutorial.

SSH keys have many uses. One is that you can SSH into your computers securely without having to enter a password every time. Others include software like Ansible for server management or Ceph for storage management. These 2 pieces of software require passwordless SSH access to the machines to function correctly.


Creating the SSH key

In this step, we run the commands on the machine you want to SSH to other machines from, that is, your main computer running Linux (this also works on macOS).

Run ssh-keygen to create the key pair.

[vulnifo@centos-stream ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vulnifo/.ssh/id_rsa): 

Just hit enter here to save to the default key file.

Enter passphrase (empty for no passphrase): 

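Leave this empty; otherwise you will still need a password to unlock the key file, which defeats the purpose of passwordless authentication. Note that this leaves the private key unencrypted on disk, so anyone who can read /home/vulnifo/.ssh/id_rsa can log in as you wherever the key is installed.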

Your identification has been saved in /home/vulnifo/.ssh/id_rsa.
Your public key has been saved in /home/vulnifo/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1dTuyyJEIyEtoiu8ETLbMYVRrxyOyjHf37+B3YVJp4U vulnifo@centos-stream.vulnifolab.com
The key's randomart image is:
+---[RSA 3072]----+
|  .+.  .    ..   |
|  . o.o o  o  o  |
|   o...o .. .E o |
|o.++ o  ..o . B  |
|o*o++   So . = . |
|++* .     + . o  |
|.oo. .   o o o . |
| .    . . . o o  |
|       . ..+..   |
+----[SHA256]-----+

Send the key to other machines

In this step we are going to send the public key to the computers that we want to connect to by using the ssh-copy-id command.

The syntax for this command is ssh-copy-id username@hostname (or IP)

I am going to copy the key to a test machine that I would like easy access to.

[vulnifo@centos-stream ~]$ ssh-copy-id vulnifo@test-server-1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/vulnifo/.ssh/id_rsa.pub"
The authenticity of host 'test-server-1 (172.16.1.32)' can't be established.
ECDSA key fingerprint is SHA256:snRDKxb4TbTT2Rf5wJv2IJCybc2Zyu5oN0rS5Uny5+0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 

Type yes here to allow the transfer; this is also the moment to compare the fingerprint shown with the server's own host key.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password for vulnifo@test-server-1.vulnifolab.com:

Now enter the password for your user name on the second machine.

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'vulnifo@test-server-1'"
and check to make sure that only the key(s) you wanted were added.

[vulnifo@centos-stream ~]$ 

Test passwordless authentication

Now try to log in to your machine using the following syntax: ssh user@hostname (or IP). You should be greeted with the prompt without having to enter a password.

[vulnifo@centos-stream ~]$ ssh vulnifo@test-server-1
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Sun Jul 18 14:52:42 2021 from 172.16.1.161
[vulnifo@test-server-1 ~]$ 
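
With no passphrase on the key, file permissions are the only protection for ~/.ssh/id_rsa on the client, and for the authorized_keys file that ssh-copy-id wrote on the server. The script below is an added example, not part of the original tutorial, that flags files in an SSH directory that other users can read or modify; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit an SSH directory that
# holds a passphrase-less private key. Function names are hypothetical.

# Print a path's octal permission bits (GNU stat first, then BSD/macOS stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Succeed when octal mode $1 has any of the bits in octal mask $2 set.
has_bits() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# Print one line per finding; the return status is the number of findings.
audit_ssh_dir() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    # The directory must not be writable by group or others.
    if has_bits "$(mode_of "$dir")" 022; then
        echo "WRITABLE-BY-OTHERS $dir"
        findings=$((findings + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.pub|*/known_hosts*) continue ;;            # public data
            */authorized_keys|*/config) mask=022 ;;      # no group/other write
            *)  # anything else counts only if it starts like a private key
                head -n 1 "$f" | grep -q 'PRIVATE KEY' || continue
                mask=077 ;;                              # owner-only access
        esac
        if has_bits "$(mode_of "$f")" "$mask"; then
            echo "TOO-OPEN $(mode_of "$f") $f"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run against a directory given on the command line, e.g. ~/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it as the key's owner on both machines, passing ~/.ssh as the argument; a finding is fixed with chmod 700 on the directory and chmod 600 on the flagged file.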

Conclusion

There you have it: you can now enjoy passwordless SSH authentication on Linux, using SSH keys to connect to other machines. I hope you found this tutorial helpful. If so, please share!
