Last updated on December 22nd, 2022 at 07:00 am

Certain requirements in production environments [Linux/Unix/AIX] demand SSH access without a password prompt from one server to another under some user id.

How do you accomplish that? Here is the solution and some tips on how to approach it. First of all, let us take 2 servers as an example. I am using 2 RHEL (Red Hat Linux) version 8 servers (EC2 instances launched in AWS):

SERVER A (ip-172-31-0-1) and SERVER B (ip-172-31-0-2)

STEP 1

Switch to the user ID under which the process needs to run. [MAKE SURE THAT THE HOME DIRECTORY IS SET FOR THE RESPECTIVE ID ON BOTH SERVERS.] Since this is an example, I am using ec2-user-new as the user id.
Generate SSH keys on SERVER A.

[ec2-user-new@ip-172-31-0-1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ec2-user-new/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ec2-user-new/.ssh/id_rsa.
Your public key has been saved in /home/ec2-user-new/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:MZD7ghM/WwW3n36HBbBwUKn9ZW6IDjqapLHG1MZIzdE ec2-user-new@ip-172-31-0-1
The key's randomart image is:
+---[RSA 3072]----+
|      .o  .o..   |
|      o.E o +    |
|     o ooo * o   |
|    o +  o+ o . o|
|   . B .S. . + * |
|    = B o . + o +|
|   o.o.= . +   + |
|    o=..o   o o .|
|   .o o. .   . . |
+----[SHA256]-----+
[ec2-user-new@ip-172-31-0-1 ~]$

This creates a PUBLIC KEY with the extension .pub and another file, the PRIVATE KEY, inside the /home/YOUR_ID/.ssh directory.
In my case it created the public key file inside the /home/ec2-user-new/.ssh directory.

[ec2-user-new@ip-172-31-0-1 ~]$ cd /home/ec2-user-new/.ssh/
[ec2-user-new@ip-172-31-0-1 .ssh]$ ls -rlt
total 12
-rw-------. 1 ec2-user-new admin  392 Feb  3 22:35 authorized_keys
-rw-r--r--. 1 ec2-user-new admin  592 Feb  7 21:55 id_rsa.pub
[ec2-user-new@ip-172-31-0-1 .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChf2EY8n9yX+QxjWPYnBC8dDyTDaQPbgSVQUAPt6KEqEFUgn3sv5EfVAS3nfEAIvRppCXYl= ec2-user-new@ip-172-31-0-1

STEP 2

Now log in to SERVER B and change directory [cd command] to the home directory of the same id. Then copy the content of the PUBLIC KEY that was created into a file named authorized_keys. Make a backup of the authorized_keys file before updating anything.

You can either use the echo command to put the public key content inside authorized_keys, as shown below.

[ec2-user-new@ip-172-31-0-2 .ssh]$ cp -p /home/ec2-user-new/.ssh/authorized_keys /home/ec2-user-new/.ssh/authorized_keys_BKP
[ec2-user-new@ip-172-31-0-2 .ssh]$ echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChf2EY8n9yX+QxjWPYnBC8dDyTDaQPbgSVQUAPt6KEqEFUgn3sv5EfVAS3nfEAIvRppCXYl= ec2-user-new@ip-172-31-0-1" >> /home/ec2-user-new/.ssh/authorized_keys

OR

Or copy the id_rsa.pub file from ip-172-31-0-1 (SERVER A) to ip-172-31-0-2 (SERVER B) manually and then run the cat command. (This assumes you saved the public key file in the /tmp directory of SERVER B.)

[ec2-user-new@ip-172-31-0-2 .ssh]$ cat /tmp/id_rsa.pub >> /home/ec2-user-new/.ssh/authorized_keys
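Both variants above blindly append, so running Step 2 twice leaves a duplicate line in authorized_keys, and a stray non-key line pasted by mistake goes in unchecked. The shell function below is an added example, not code from the original post: it performs Step 2 idempotently, taking a backup first as the post recommends, refusing input that is not a single OpenSSH public key line, skipping the key when its type and base64 body are already present (the trailing comment is ignored for that comparison), and setting the 700/600 permissions the post asks for. The home directory and key used in the usage call are constructed for the example.

```shell
#!/bin/sh
# Added example: idempotent installation of one public key into
# ~/.ssh/authorized_keys. Usage: install_authorized_key <home_dir> <pubkey_file>
set -e

install_authorized_key() {
    home_dir="$1"
    pubkey_file="$2"
    ssh_dir="$home_dir/.ssh"
    auth_keys="$ssh_dir/authorized_keys"

    # Accept only a single line that starts with a known OpenSSH key type.
    key_type=$(awk 'NR==1 {print $1}' "$pubkey_file")
    case "$key_type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not an OpenSSH public key line: $pubkey_file" >&2; return 1 ;;
    esac
    [ "$(wc -l < "$pubkey_file")" -le 1 ] || { echo "expected a single key line" >&2; return 1; }

    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_keys"
    # Back up authorized_keys before touching it, as the post recommends.
    cp -p "$auth_keys" "${auth_keys}_BKP"

    # Compare only "type base64" (fields 1 and 2) so a different comment on
    # the same key does not produce a second entry.
    key_body=$(awk 'NR==1 {print $1, $2}' "$pubkey_file")
    if awk -v k="$key_body" '($1 " " $2) == k {found=1} END {exit !found}' "$auth_keys"; then
        echo "key already present in $auth_keys"
    else
        # printf adds exactly one newline even if the .pub file lacks one,
        # so the next appended key cannot be glued onto this line.
        printf '%s\n' "$(cat "$pubkey_file")" >> "$auth_keys"
        echo "key added to $auth_keys"
    fi
    chmod 600 "$auth_keys"
}

# Number of key lines currently in an authorized_keys file.
count_keys() {
    grep -c -E '^(ssh-|ecdsa-)' "$1"
}

# Usage with a constructed home directory and key (not the servers from the post):
# tmp=$(mktemp -d)
# printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEXAMPLEKEY= ec2-user-new@ip-172-31-0-1\n' > "$tmp/id_rsa.pub"
# install_authorized_key "$tmp/home" "$tmp/id_rsa.pub"
```

Running the function a second time with the same key reports "key already present" and leaves a single entry, which is what you want when the step is scripted across many servers.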

You are all set now.

Log out of SERVER B and LOG IN WITH THE SAME ID ON SERVER A.

Try issuing the ssh command as shown below.

[ec2-user-new@ip-172-31-0-1 .ssh]$ ssh ec2-user-new@172.31.0.2
The authenticity of host '172.31.0.2 (172.31.0.2)' can't be established.
ECDSA key fingerprint is SHA256:+XOaz7kUouG7Y5bXsseZozA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.31.0.2' (ECDSA) to the list of known hosts.
[ec2-user-new@ip-172-31-0-2 ~]$

Kindly note that on the very first login after completing the above steps it may prompt you to accept the host key fingerprint; just answer "yes". Subsequent logins should not prompt you for anything, as shown:

[ec2-user-new@ip-172-31-0-1 ~]$ ssh ec2-user-new@172.31.0.2
Last login: Mon Feb  7 21:57:45 2022 from 172.31.0.1
[ec2-user-new@ip-172-31-0-2 ~]$

This takes you to SERVER B without any password prompt. Similar steps can be followed on any Linux flavor.

Things to Remember

  • Make sure the home directory /home/YOUR_ID has permission 755.
  • The other files, the PRIVATE AND PUBLIC KEYS and also AUTHORIZED_KEYS, should have only 600 permission. THIS IS A MUST, OTHERWISE IT WON'T WORK.
  • If you are using EC2, make sure your security groups allow SSH on port 22 between those servers.
  • Also make sure your server firewall allows these IPs.
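Wrong permissions are the most common reason the login above still asks for a password, and sshd only logs the refusal on the server side. The script below is an added example, not part of the original post: it audits the first two points of the checklist (home directory 755, key files and authorized_keys 600) and returns nonzero with one line per finding, so it can run on SERVER B before the first ssh attempt. It additionally requires .ssh itself to be 700, which the post does not state but which sshd's StrictModes check expects (the directory must not be group- or world-writable). The paths in the usage call are constructed for the example.

```shell
#!/bin/sh
# Added example: audit the permissions from "Things to Remember".
# Usage: audit_ssh_perms <home_dir>   (exit 0 = all good, 1 = findings printed)

# Octal mode of a path; GNU stat first, BSD/macOS stat as fallback.
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print a finding and return 1 unless $1 exists with exactly mode $2.
expect_mode() {
    path="$1"; want="$2"
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    have=$(perm_of "$path")
    if [ "$have" != "$want" ]; then
        echo "BAD $path has mode $have, expected $want"
        return 1
    fi
    return 0
}

audit_ssh_perms() {
    home_dir="$1"
    ssh_dir="$home_dir/.ssh"
    status=0
    expect_mode "$home_dir" 755 || status=1
    # 700 on .ssh is an assumption beyond the post (sshd StrictModes rejects
    # a group- or world-writable directory).
    expect_mode "$ssh_dir" 700 || status=1
    # Private key, public key and authorized_keys: 600, as the post requires.
    # Only files that actually exist are checked (the public key is optional
    # on the server side).
    for f in "$ssh_dir/authorized_keys" "$ssh_dir/id_rsa" "$ssh_dir/id_rsa.pub"; do
        [ -e "$f" ] || continue
        expect_mode "$f" 600 || status=1
    done
    return $status
}

# Usage with a constructed home directory (not a real server):
# audit_ssh_perms /home/YOUR_ID && echo "permissions OK"
```

A clean run prints nothing and exits 0; each problem is printed as a BAD or MISSING line, which is easier to act on than the silent fallback to password authentication that sshd gives you otherwise.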
