Purpose
These steps will guide you through establishing passwordless access between two servers using a public/private key pair. The goal is to enable both systems to connect to each other via SSH and SFTP without being prompted for a password. This method is used in the RADAR project to pass WAV files from the recording computer to the processing computer.
Pre-Requisites
- You understand that private keys should be treated securely. Only transfer them to intended systems and over secure networks.
- You have SSH and SFTP access to both servers.
- You will be using a third computer to complete this setup.
- You will use the third computer to copy and paste the public key into the authorized_keys file during an SSH session.
- You will use SFTP to transfer the private key file.
System Reference
We will refer to the following systems throughout this guide:
- Server 1
- Hostname: RADAR01
- Username: recorder
- Server 2
- Hostname: RADAR02
- Username: processor
NOTE: The “Steps to Create the Public/Private Key Pairs,” “Steps to Configure Public Keys,” and “Test SSH & SFTP Access” sections should be completed on both servers.
Steps to Create the Public/Private Key Pairs
1.) Ensure you are in the home directory by issuing the following command:
cd ~
2.) Issue the following command to generate a public/private key pair with a key size of 4096 bits. When prompted for a passphrase, press Enter to leave it blank and continue.
ssh-keygen -t rsa -b 4096
If successful, the following public/private key files will be created in the /home/username/.ssh directory:
id_rsa
id_rsa.pub
It is recommended to change the names of these files to avoid confusion when transferring them between servers.
| Server   | Default File Name | Purpose     | Recommended Name Change        |
| Server 1 | id_rsa            | Private key | RADAR01_recorder_-_id_rsa      |
| Server 1 | id_rsa.pub        | Public key  | RADAR01_recorder_-_id_rsa.pub  |
| Server 2 | id_rsa            | Private key | RADAR02_processor_-_id_rsa     |
| Server 2 | id_rsa.pub        | Public key  | RADAR02_processor_-_id_rsa.pub |
- Server 1’s private key file (RADAR01_recorder_-_id_rsa) will need to be copied to server 2.
- Server 2’s private key file (RADAR02_processor_-_id_rsa) will need to be copied to server 1.
- Server 1’s public key contents (RADAR01_recorder_-_id_rsa.pub) will need to be copied into the authorized_keys file of both Server 1 and Server 2.
- Server 2’s public key contents (RADAR02_processor_-_id_rsa.pub) will need to be copied into the authorized_keys file of both Server 2 and Server 1.
NOTE: When it is time to copy the contents of the public key file, you will open the public key file using nano and then copy/paste the contents between SSH sessions.
Steps to Configure Public Keys
1.) Change into the .ssh directory of the applicable user’s home directory.
cd ~/.ssh
2.) Open the authorized_keys file.
nano authorized_keys
3.) Copy/paste the public key of Server 1 and the public key of Server 2, each on its own line, below any already established keys.
4.) Save and close the authorized_keys file.
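The two sections above as a small POSIX shell script. This is an added example, not code from the RADAR guide: keygen_named runs ssh-keygen with the guide's parameters but writes straight to the recommended file name (so the rename step is not needed), install_pubkey appends a public key line to authorized_keys only if that key is not already there (so running it on both servers, or twice, never produces duplicate lines) and sets the permissions sshd's StrictModes check expects, and count_keys is a helper for verifying the result. The function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of the RADAR guide). Functions keygen_named,
# install_pubkey and count_keys are this example's own names.

# keygen_named HOST USER [SSH_DIR]
# Generates an RSA 4096-bit key with a blank passphrase, as the guide does,
# directly under the recommended name (e.g. RADAR01_recorder_-_id_rsa).
# Prints the path of the private key.
keygen_named() {
    host=$1; user=$2; dir=${3:-$HOME/.ssh}
    mkdir -p "$dir" && chmod 700 "$dir"
    key="$dir/${host}_${user}_-_id_rsa"
    ssh-keygen -q -t rsa -b 4096 -N "" -f "$key" -C "${user}@${host}"
    chmod 600 "$key"          # private key: owner read/write only
    chmod 644 "$key.pub"      # public key may be world-readable
    printf '%s\n' "$key"
}

# install_pubkey "PUBKEY_LINE" AUTHORIZED_KEYS
# Appends one public key line (the full contents of a .pub file) unless a key
# with the same type and base64 blob is already present. Matching on the
# first two fields means a different trailing comment does not add a copy.
# ~/.ssh must be 700 and authorized_keys 600, or sshd ignores the file.
install_pubkey() {
    line=$1; file=$2
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir"
    [ -f "$file" ] || : > "$file"
    chmod 600 "$file"
    ident=$(printf '%s\n' "$line" | awk '{ print $1, $2 }')
    if awk -v id="$ident" '($1 " " $2) == id { found = 1 } END { exit !found }' "$file"; then
        return 0              # already installed, nothing to do
    fi
    printf '%s\n' "$line" >> "$file"
}

# count_keys AUTHORIZED_KEYS -> number of key lines (blank and comment lines skipped)
count_keys() {
    awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}

# Walk-through in a scratch directory so it never touches the real ~/.ssh.
# Run with DEMO=1 sh this_script.sh
if [ "${DEMO:-0}" = 1 ]; then
    scratch=$(mktemp -d)
    k=$(keygen_named RADAR01 recorder "$scratch/.ssh")
    install_pubkey "$(cat "$k.pub")" "$scratch/.ssh/authorized_keys"
    install_pubkey "$(cat "$k.pub")" "$scratch/.ssh/authorized_keys"   # second call is a no-op
    echo "keys in authorized_keys: $(count_keys "$scratch/.ssh/authorized_keys")"
    rm -rf "$scratch"
fi
```

On a real server you would call install_pubkey with the contents of the other server's .pub file and the path ~/.ssh/authorized_keys; the permission fixes matter because a group- or world-writable ~/.ssh or authorized_keys is silently rejected by sshd when StrictModes is on (the default), which is a common reason a correctly pasted key still falls back to a password prompt.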
Steps to Check OpenSSH Server Configuration
1.) Open the sshd_config file.
sudo nano /etc/ssh/sshd_config
2.) Ensure the following settings are present and enabled. Keep comments on their own line: sshd_config treats a line beginning with # as a comment, and older OpenSSH releases reject trailing text on a directive line.
PubkeyAuthentication yes
# Set PasswordAuthentication to no only once key-based authentication is confirmed to work
PasswordAuthentication no
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
3.) Restart the OpenSSH service.
sudo systemctl restart ssh
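An added example (not code from the RADAR guide) for checking what sshd will actually use, which is not always the line you just edited: sshd_config takes the first occurrence of a keyword, not the last, a commented-out line still looks like a setting when skimming, and anything below a Match line only applies to matching connections. The script reads a config the way sshd does (first match before any Match block, keywords case-insensitive, both "Keyword value" and "Keyword=value" forms) and compares the result with the three yes/no settings the guide requires. The function names effective_setting and check_required are this example's own.

```shell
#!/bin/sh
# Added example (not part of the RADAR guide). effective_setting and
# check_required are this example's own names.

# effective_setting FILE KEYWORD -> prints the global value sshd will use,
# or "unset" if the keyword does not appear before the first Match block.
effective_setting() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }      # trim; modifying $0 re-splits the fields
        $0 == "" || $1 ~ /^#/ { next }                   # blank or comment line
        tolower($1) == "match" { exit }                  # global section ends here
        tolower($1) == kw { print $2; found = 1; exit }  # first occurrence wins
        END { if (!found) print "unset" }
    ' "$1"
}

# check_required FILE -> prints each mismatch against the guide's required
# values and returns 1 if there is any. AuthorizedKeysFile is not checked:
# when it is unset, sshd's built-in default already includes
# .ssh/authorized_keys.
check_required() {
    rc=0
    for want in PubkeyAuthentication=yes PasswordAuthentication=no PermitRootLogin=no; do
        kw=${want%%=*}; exp=${want#*=}
        got=$(effective_setting "$1" "$kw")
        if [ "$got" != "$exp" ]; then
            printf '%s: effective value is "%s", guide requires "%s"\n' "$kw" "$got" "$exp"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use on a server:  sh this_script.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    if check_required "$1"; then
        echo "all required settings are effective in $1"
    else
        exit 1
    fi
fi
```

Run it before the restart in step 3, together with sshd's own checks: sudo sshd -t validates the syntax (a syntax error would otherwise only surface as a failed restart, possibly locking you out of a remote box), and sudo sshd -T prints the full effective configuration, which is the authoritative answer when this script and your expectations disagree.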
Test SSH & SFTP Access
At this point you should be able to connect to Server 1 from Server 2 and vice versa.
We will test the connection using SSH's verbose mode. That will let us review any errors in the authentication attempt, which helps with troubleshooting.
If all goes well, you will be connected to the remote system via SSH without a password prompt.
From Server 1 or Server 2, issue the following command:
ssh -vvv X.X.X.X
NOTES:
- Replace X.X.X.X with the IP address of the remote system. If the hostname resolves correctly, you can use it instead of the IP address.
- This command will show verbose debug information which is helpful for troubleshooting. We will only use this command for initial testing. Once testing concludes, we will switch to the normal command.
Assuming the connection was successful, you can type exit and then reconnect to the remote system using one of the following commands:
ssh X.X.X.X
ssh username@X.X.X.X
NOTE: Replace X.X.X.X with the IP address of the remote system. If the hostname resolves correctly, you can use it instead of the IP address.
SFTP access is tested the same way:
sftp X.X.X.X
sftp username@X.X.X.X
NOTE: Replace X.X.X.X with the IP address of the remote system. If the hostname resolves correctly, you can use it instead of the IP address.
Test SFTP Batch File Transfer
The following commands can be used to test SFTP transfers. You can place them all into a single file (e.g., sftp_commands.txt) and run them as a batch process. Ensure you replace the paths to files with actual files.
put /path/to/local/file.txt /path/to/remote/
get /path/to/remote/file.txt /path/to/local/
bye
To run the commands as a batch (replace Debian with the IP address, hostname, or SSH config alias of the remote system):
sftp -b sftp_commands.txt Debian
Commands for Troubleshooting
SSH Logs
sudo journalctl -u ssh -f
SSH in Verbose Mode
ssh -vvv Debian
Confirm SSH Agent Has Loaded the Keys
ssh-add -l
SSH Keyscan
This will allow you to view the host public keys of a remote server.
ssh-keyscan X.X.X.X
NOTE: Replace X.X.X.X with the IP address of the remote system. If the hostname resolves correctly, you can use it instead of the IP address.