How to ssh to localhost without password?
NetworkingLoginSshPasswordsOpensshNetworking Problem Overview
EDIT: Putting exactly what was done
I need to SSH localhost without password, the usual way of doing it (with public keys) do not work.
user@PC:~$ rm -rf .ssh/*
user@PC:~$ ssh-keygen -t rsa > /dev/null
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
user@PC:~$ ls .ssh/
id_rsa id_rsa.pub
user@PC:~$ ssh-copy-id -i localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is f7:87:b5:4e:31:a1:72:11:8e:5f:d2:61:bd:b3:40:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
user@localhost's password:
Now try logging into the machine, with "ssh 'localhost'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
user@PC:~$ ssh-agent $SHELL
user@PC:~$ ssh-add -L
The agent has no identities.
user@PC:~$ ssh-add
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
user@PC:~$ ssh-add -L
ssh-rsa ...MY KEY HERE
user@PC:~$ ssh-copy-id -i localhost
user@localhost's password:
Now try logging into the machine, with "ssh 'localhost'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
user@PC:~$ ssh localhost echo 'testing'
user@localhost's password:
user@PC:~$
So as you can see in the last command it is still asking the password! How can I fix that? Ubuntu-10.04, OpenSSH_5.3p1
EDIT2:
Adding some info about the sshd
user@PC:~$ cat /etc/ssh/sshd_config | grep Authentication
# Authentication:
RSAAuthentication yes
PubkeyAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
ChallengeResponseAuthentication no
# PasswordAuthentication yes
EDIT3: Ading result from $ssh -vv localhost
$ssh -vv localhost
...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Offering public key: /home/user/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
user@localhost's password:
Networking Solutions
Solution 1 - Networking
I did following 3 steps to create the password less login
1. ssh-keygen -t rsa
Press enter for each line
2. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. chmod og-wx ~/.ssh/authorized_keys
Solution 2 - Networking
Have discovered the problem.
Running the server with debuging:
$sshd -Dd
I found it was not able to read the auth_key
$chmod 750 $HOME
Fixed it.
Solution 3 - Networking
Another possible answer: the authorized_keys file may exist and be readable. But if it is group- or world-writable, it will still prompt for the password. The answer to THAT problem is
chmod og-wx ~/.ssh/authorized_keys
Solution 4 - Networking
Two simple steps:
ssh-keygen -t rsa <Press enter for each line>
ssh-copy-id localhost
Enter password and you're done.
Solution 5 - Networking
Do the following steps
ssh-keygen -t rsa -C "[email protected]"
# Creates a new ssh key, using the provided email as a label
# Generating public/private rsa key pair.
Use the default file and empty passphrase (Simply press enter in the next 2 steps)
# start the ssh-agent in the background
eval "$(ssh-agent -s)"
# Agent pid 59566
ssh-add
Copy the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys
Ensure following are the permissions
ls -l .ssh/
total 20
-rw-r--r--. 1 swati swati 399 May 5 14:53 authorized_keys
-rw-r--r--. 1 swati swati 761 Jan 12 15:59 config
-rw-------. 1 swati swati 1671 Jan 12 15:44 id_rsa
-rw-r--r--. 1 swati swati 399 Jan 12 15:44 id_rsa.pub
-rw-r--r--. 1 swati swati 410 Jan 12 15:46 known_hosts
Also, ensure the permissions for .ssh directory are. This is also important
drwx------. 2 swati swati 4096 May 5 14:56 .ssh
Solution 6 - Networking
The correct and safe way of doing it is to copy the keys as has been said here.
In other cases, sshpass
can be handy.
sshpass -p raspberry ssh pi@192.168.0.145
Keep in mind that this is not safe at all. Even though it is not a good idea to use it in secure environments, it can be useful for scripting, automated testing...
this can be combined with
ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no pi@192.168.0.145
to avoid confirmation questions that prevent scripting from happening.
Again, only use this in development systems where different machines share an IP and security is not important.
https://ownyourbits.com/2017/02/22/easy-passwordless-ssh-with-sshh/
Solution 7 - Networking
as the accepted answer do, if you encount a problem of
Agent admitted failure to sign using the key.
you need to
ssh-add
Solution 8 - Networking
I faced the same issue even after following all the recommendations, but found out that the issue was with gnome-keyring interference.
Solution:
-
Go Search , look for “Startup Applications”
-
If you see “SSH Key Agent”, uncheck the box
-
Reboot the machine and connect to localhost.
Solution 9 - Networking
I solved ssh login problem this way.
I generate the key pairs on my server side and then scp back the private key to my windows 10 computer and now I can login without password.
Previously I used key pairs generated by my window 10 laptop and there was no luck at all.
Solution 10 - Networking
On Centos 7
SOLUTION
1 create rsa key
2 vim /etc/ssh/ssh_config
3
# IdentityFile ~/.ssh/identity
uncoment this line > IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
Note *I did this after copying the key and some of the other answers before this one. But I am pretty sure this is all you have to do but if not I would append the rsa key to authorized_keys and also run the
ssh-copy-id to username@localhost
Solution 11 - Networking
I encountered the same problem when running unit tests on Docker container(golang:1.13-alpine).
After sshd -Dd
and ssh -vv root@localhost
debugging, I found the reason:
> User root not allowed because account is locked
So, we should unlock the account by passwd -u
or set a password.
Solution 12 - Networking
I fixed my problem setting the AllowUsers on sshd_config file.
Running the server with debuging:
$sshd -Dd
I found it was not allowed the my user
$sudo vi /etc/ssh/sshd_config
Add a row with after #Authentication:
AllowUsers myUser
Solution 13 - Networking
One thing to doublecheck if you have a known good configuration for ssh is that your /etc/hosts.allow includes a reference to localhost, since the source IP for a localhost connection would be coming from 127.0.0.1 rather than your network IP. I was stumped on this for some time, but after adding the following to /etc/hosts.allow my configuration immediately worked.
ALL: 127.0.0.1/32
I figured I would add this since none of the other answers mentioned it and this was the top hit from my search for the same error.
Solution 14 - Networking
RHEL8
In my case after successful keys configuration it still did not work. I found following error in /var/log/secure:
pam_access(sshd:account): access denied for user `username' from `::1'
So I had to edit:
/etc/security/access.conf
And add there '::1' to allowed hosts by adding a line:
+:<username>:LOCAL ::1
It immediately started to work, even without restart of sshd service.