How to set up ssh login so you aren't asked for a password

The basic and easy way is to create a RSA authentication key to be able to log into a remote site from your account, without having to type your password.

Here is how to

Step 1,  ssh-keygen

Run ssh-keygen(1) on your machine, and then you can either just hit enter when asked for a password, or type a password for your private key(we discuss this later for this type usecase).
This will generate both a private and a public key. With older SSH versions, they will be stored in ~/.ssh/identity and ~/.ssh/; with newer ones, they will be stored in ~/.ssh/id_rsa and ~/.ssh/

Generating public/private rsa key pair.
Enter file in which to save the key (/home/at001/.ssh/id_rsa):          
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/at001/.ssh/id_rsa.
Your public key has been saved in /home/at001/.ssh/
The key fingerprint is:
a4:0e:36:2f:7e:ad:c7:5a:12:f4:6b:c3:0e:cb:76:22 This email address is being protected from spambots. You need JavaScript enabled to view it.
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|      . .        |
|     . +         |
|    + o S        |
|   . = o .       |
|    . =o*        |
|   .Eo+B=.       |
|    .+=*.        |

You can use option -t to specify the key type

     -t type
             Specifies the type of key to create.  The possible values are “rsa1”
             for protocol version 1 and “rsa” or “dsa” for protocol version 2.

Step 2, adding the generated public key file into remote machine

Add the contents of the generated public key file( ~/.ssh/ into ~/.ssh/authorized_keys on the remote site

Step 3, permission check

The ~/.ssh/authorized_keys file should be mode 600.

Now, You should then be able to use ssh to log in to the remote server without being asked for a password.


More securie way


Now, for the case we just described, there is no protection for the private key file, so that everyone that has read access to the private key file can use it to have the same passwordless access to the remote site. This includes any person that has root access to your local machine. Therefore it's strongly recommended that you use a passphrase for your private key if you are not the only root on your machine.

Step 4, adding passphrase protection for the private key

The passphrase can be set when ssh-agent generates keypair, you can also change the passphrase for an existing private key without regerating the keypair.

$ssh-keygen -p
Enter file in which the key is (/home/atlas001/.ssh/id_rsa):    
Enter old passphrase:
Key has comment '/home/atlas001/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

Now, you have passphrase protection for your private key, but doesn't mean you have to type it every time you want to login remoe machine. ssh key agent will it if for you.

Step 5, use ssh-agent to store and use ssh keys in a secure way.

Start ssh-agent, then run ssh-add to add your private passphrase into ssh-agent, then  you are done.


You can also run ssh-agent automatically when you open bash. Copy the following lines and paste them into your ~/.profile or ~/.bashrc file:

# Note: ~/.ssh/environment should not be used, as it
#       already has a different purpose in SSH.


# Note: Don't bother checking SSH_AGENT_PID. It's not used
#       by SSH itself, and it might even be incorrect
#       (for example, when using agent-forwarding over SSH).

agent_is_running() {
    if [ "$SSH_AUTH_SOCK" ]; then
        # ssh-add returns:
        #   0 = agent running, has keys
        #   1 = agent running, no keys
        #   2 = agent not running
        ssh-add -l >/dev/null 2>&1 || [ $? -eq 1 ]

agent_has_keys() {
    ssh-add -l >/dev/null 2>&1

agent_load_env() {
    . "$env" >/dev/null

agent_start() {
    (umask 077; ssh-agent >"$env")
    . "$env" >/dev/null

if ! agent_is_running; then

# if your keys are not stored in ~/.ssh/ or ~/.ssh/, you'll need
# to paste the proper path after ssh-add
if ! agent_is_running; then
elif ! agent_has_keys; then

unset env

Step 6, ssh in xsession

You can automatically load all your keys in the agent by adding the following lines to your ~/.xsession file:

# if use-ssh-agent is specified in /etc/X11/Xsession.options
# (this is the default) then you need only the second line
# eval ssh-agent

The ssh-askpass package must be installed in order to run ssh-add without a terminal.

Comments powered by CComment