fbpx

Server Setup

CentOS SSH password-less login

by , , revisited on

We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.
Active subscription is required.

It’s always nice to add more security to your CentOS SSH server while actually increasing the comfort of logging in remotely. Meet password-less login using public key authentication. Here is how to enable it.

The following instructions assume that you are connecting from a Linux or OS X client machine. The setup is quite quick: first, you generate a pair of private and public keys and then copy the public key over to remote server that you want to connect to. After this is done, you will not have to type password while logging in to an SSH session.

Now fire up your Terminal client app and prepare to run a few commands.

Generate identity file

This is the first step. All you need to do, is run:

ssh-keygen -t rsa

Simply type Enter for every prompt. As a result, you have your private/public keys located under your home .ssh subdirectory.

Copy identity file for use with CentOS SSH server using ssh-copy-id

This is the preferred way of enabling password-less SSH login. Command line tool ssh-copy-id is bundled with almost any Linux distribution. It will make sure that the copied file has correct permissions on server.

Note for OS X users

ssh-copy id is not there out of the box. Using HomeBrew is the preferred method to get it. Simply run brew install ssh-copy-id

ssh-copy-id -i ~/.ssh/id_rsa.pub root@domain.com

In case SSH daemon runs on a non-standard port, i.e. 2379:

ssh-copy-id -i ~/.ssh/id_rsa.pub "root@domain.com -p 2379"

Simply enter SSH password once, and you are done. Now you can ssh root@domain.com without being prompted for password.

Copy identity file for use with CentOS SSH server using cat

ssh root@domain.com 'mkdir -p ~/.ssh; chmod 700 ~/.ssh'
cat ~/.ssh/id_rsa.pub | ssh root@domain.com 'cat >> ~/.ssh/authorized_keys'
ssh root@domain.com 'chmod 600 ~/.ssh/*'
# This is required to be run for CentOS 6 SSH server
ssh root@domain.com 'restorecon -R -v ~/.ssh'

You will have to enter your SSH password a few times. Note that CentOS 6 server requires an additional command to be run in order to fix issues with SELinux. After you finish running these commands, you can login to SSH without typing password.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.