IBM Support

IBM AIX: Configure an OpenSSH user for passwordless login

How To


Summary

This document lists the steps needed to configure an OpenSSH user to be able to log in to an ssh server using ssh, sftp, or scp, without needing a password.

Steps

1) Log in as the user on the client where the ssh, sftp, or scp command is run.
2) Check the user's .ssh directory to see if it has any public/private key pairs. Note that DSA and RSA keys are deprecated and should not be used.
ls ~/.ssh
3) If the user does not have an ecdsa or ed25519 key pair, run the ssh-keygen command to generate a public/private key pair. The ed25519 key type is the most secure.
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
You will be prompted to enter a passphrase. If an automatic (unprompted) login is needed, press Enter both times to set an empty passphrase. If you specify a passphrase, you must enter this passphrase each time you log in. For instructions on using passphrases, see AIX: OpenSSH Public Key Authentication with Passphrase.
4) Copy the file ~/.ssh/id_ed25519.pub (or ~/.ssh/id_ecdsa.pub) to the ssh server (the target of the ssh, sftp, or scp command).
5) Log in to the ssh server as the target user with the ssh command.
6) Append the public key file you copied in step 4 to the authorized_keys for the ssh user. If the user does not have a .ssh directory in their home directory, create it first.
mkdir ~/.ssh
cat /tmp/id_ed25519.pub >> ~/.ssh/authorized_keys
7) Ensure that the PubkeyAuthentication option in the /etc/ssh/sshd_config file on the ssh server is either commented out or set to "yes". If you change the option, stop and restart sshd for the change to take effect. This does not affect existing sessions.
stopsrc -s sshd
startsrc -s sshd
8) You are now able to log in to the ssh server without a password.
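
The following script is an added example, not part of the original IBM document. It performs step 6 so that it can be rerun safely: it accepts only ed25519 and ecdsa keys, sets owner-only permissions, and skips a key that is already present. The function name install_pubkey is hypothetical.

```shell
#!/bin/sh
# Added example (not IBM's code). install_pubkey is a hypothetical helper.
# Usage: install_pubkey /tmp/id_ed25519.pub ~/.ssh/authorized_keys

install_pubkey() {
    pubfile=$1
    authfile=$2
    sshdir=$(dirname "$authfile")

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # First non-empty line of the file: "<type> <base64> [comment]"
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1)
    keytype=${key%% *}

    # Accept only the key types the steps above recommend.
    case $keytype in
        ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "refusing key type: ${keytype:-none}" >&2; return 2 ;;
    esac

    # sshd's StrictModes option (on by default) ignores authorized_keys when
    # the directory or file is writable by anyone other than the owner.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1

    # Append only when this exact line is not already present, so that
    # repeating the step does not pile up duplicate entries.
    if ! grep -qxF "$key" "$authfile"; then
        printf '%s\n' "$key" >> "$authfile"
    fi
}

# Run directly when called with two arguments.
if [ $# -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```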

Additional Information

SUPPORT:

If the instructions in this document do not lead to resolution of the problem, follow these instructions to open a case. The product must be under warranty or have an active and valid support contract.

a. Document or take screen captures of all symptoms, errors, or messages.

b. Capture any logs or data relevant to the issue.

c. Contact IBM® to open a case.

-For electronic support, visit the IBM Support Community:
https://www.ibm.com/mysupport
-If you require telephone support, visit this web page:
https://www.ibm.com/planetwide/

d. Provide a detailed description of the issue and a reference to this technote.

e. Upload all of the details and data to the case.

-You can attach files to the case in the IBM Support Community, or
-Upload data to IBM test case server analysis at this URL:

http://www.ibm.com/support/docview.wss?uid=ibm10733581


Document Location

Worldwide


Document Information

Modified date:
26 April 2024

UID

ibm17149405