Server Setup

CentOS SSH password-less login

by , , revisited on


We have by far the largest RPM repository with dynamic stable NGINX modules and VMODs for Varnish 4.1 and 6.0 LTS. If you want to install NGINX, Varnish and lots of useful modules for them, this is your one stop repository to get all performance related software.
You have to maintain an active subscription in order to be able to use the repository!

It’s always nice to add more security to your CentOS SSH server while actually increasing the comfort of logging in remotely. Meet password-less login using public key authentication. Here is how to enable it.

The following instructions assume that you are connecting from a Linux or OS X client machine. The setup is quite quick: first, you generate a pair of private and public keys and then copy the public key over to remote server that you want to connect to. After this is done, you will not have to type password while logging in to an SSH session.

Now fire up your Terminal client app and prepare to run a few commands.

Generate identity file

This is the first step. All you need to do, is run:

ssh-keygen -t rsa

Simply type Enter for every prompt. As a result, you have your private/public keys located under your home .ssh subdirectory.

Copy identity file for use with CentOS SSH server using ssh-copy-id

This is the preferred way of enabling password-less SSH login. Command line tool ssh-copy-id is bundled with almost any Linux distribution. It will make sure that the copied file has correct permissions on server.

Note for OS X users

ssh-copy id is not there out of the box. Using HomeBrew is the preferred method to get it. Simply run brew install ssh-copy-id

ssh-copy-id -i ~/.ssh/id_rsa.pub root@domain.com

In case SSH daemon runs on a non-standard port, i.e. 2379:

ssh-copy-id -i ~/.ssh/id_rsa.pub "root@domain.com -p 2379"

Simply enter SSH password once, and you are done. Now you can ssh root@domain.com without being prompted for password.

Copy identity file for use with CentOS SSH server using cat

ssh root@domain.com 'mkdir -p ~/.ssh; chmod 700 ~/.ssh'
cat ~/.ssh/id_rsa.pub | ssh root@domain.com 'cat >> ~/.ssh/authorized_keys'
ssh root@domain.com 'chmod 600 ~/.ssh/*'
# This is required to be run for CentOS 6 SSH server
ssh root@domain.com 'restorecon -R -v ~/.ssh'

You will have to enter your SSH password a few times. Note that CentOS 6 server requires an additional command to be run in order to fix issues with SELinux. After you finish running these commands, you can login to SSH without typing password.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.