Setting up password-less SSH authentication in CentOS

Setting up password-less SSH authentication in CentOS

There are the specific cases where typing the same password over and over again gets cumbersome, or those odd instances where typing a password isn’t even possible (due to automated scripts and processes).

These are the cases where password-less login – also known by the correct name: public-key authentication – is the solution. The procedure is simple and it involves creating a private/public key pair on the source machine and transferring the public key to the target machine.

On the source machine (the one that will be transferring files to the target):


This will generate a new key fingerprint (skip entering a passphrase):

[root@server ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
7f:ab:f0:09:eb:b2:e6:96:31:be:6e:0e:3b:1b:e2:32 root@server
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|        S        |
|      o  .       |
|  . o. +o . .    |
|E. ..+B  = o .   |
| o. oX*=o +..    |

Still on the source server, run
ssh-copy-id user@targetserver
or if the target server is running SSH on a custom port number
ssh-copy-id "user@targetserver -p 123"

This step will copy the key to the target system. You will be asked to login using the password one more time. Once this step is done you will be able to automatically login when SSH-ing from the source server to the target server.

The procedure can then be run in reverse (from the target machine) if you wish bidirectional public-key authentication.

If you later need to remove this type of authentication, edit
and delete the necessary lines.

Leave a Reply