SSH logins or rsync’s without using a password prompt

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Profile image of Mattias Geniar

Mattias Geniar, February 28, 2012

Follow me on Twitter as @mattiasgeniar

Most commonly SSH is used with a default username/password prompt before you can authenticate to a host. It gives you the well-known prompt.

# ssh john@doe
john@doe's password:

This gets cumbersome and annoying when you want to use SSH logins or Rsync’s in scripts, so we use keys for that. For starters, generate your own public key-pair on your own server (the one that will start the connection to a remote host).

# ssh-keygen

It will prompt you for 3 important questions.

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

The location of the key can be left by default at /root/.ssh/id_rsa, so just hit enter. Next a passphrase is being asked. With normal certificates, you would enter a strong passphrase as it forms the password to your certificate. If you enter a passphrase here, you can authenticate via a certificate but you’ll be prompted for your certificate password before continueing. If you want password-less authentication, leave the passphrase question empty and just hit twice (the second time to confirm the password). Now it will generate a key-pair for you.

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
5e:03:a0:dc:46:1d:75:23:09:e4:f6:08:b4:af:74:bc user@mysystem
The key's randomart image is:
+--[ RSA 2048]----+
|      +o++o.o    |
|   . = +. .o .   |
|    o = +        |
|     . = +       |
|      . S +      |
|     . + o .     |
|      . E        |
|                 |
|                 |
+-----------------+

Next, the public key (/root/.ssh/id_rsa.pub) will be copied to the remote server using ssh-copy-id.

# ssh-copy-id mattias@host.be

It will prompt for credentials once, authenticate, and copy your public key to the remote server.

# ssh-copy-id mattias@host.be
mattias@host.be's password:
Now try logging into the machine, with "ssh 'mattias@host'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

That has copied your public key to the remote server. Next time you log in, the system can identify you with that public key and won’t prompt for passwords anymore. If you want to use ssh-copy-id to a remote system on another SSH port, please have a look at the blogpost titled Using ssh-copy-id on an alternative SSH destination port.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.