Introduction
Before we begin talking about how to set up passwordless SSH login, let's briefly understand - What is SSH?
Secure Shell(SSH), is a network protocol that protects the contents of network packets and is often used by system administrators to access computers on unsecured networks.
Setting up passwordless SSH login is a convenient and secure way to connect to remote servers or devices without the need to enter a password every time. It involves generating and exchanging public and private keys between the local and remote systems, allowing for a seamless and secure connection.
In this tutorial, you will set up an SSH key-based authentication and will also connect to your Linux server without entering a password. We will also address a few FAQs on how to set up passwordless SSH Login.
Setup SSH Passwordless Login
To enable passwordless SSH login on Linux, you only need to generate a public authentication key and attach it to the remote host's /.ssh/authorized
keys file.
Here are the steps for configuring passwordless SSH login:
1) Look for existing SSH key pairs.
You don't want to overwrite your existing SSH keys, so check whether you already have an SSH key on your client machine before generating a new key pair.
You can check if SSH keys already exist by using the ls
command:
ls -al ~/.ssh/id_*.pub
Alternatively, you can back up the old keys and generate new ones if there is already a key.
The No such file or directory error
means that you don't have an SSH key, and you should proceed to the next step and generate one.
2) Generate a new SSH key pair.
Your email address will be included as a comment in the new 4096 bits SSH key pair generated by the following command:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
Accept the default file location and name by pressing Enter:
Output
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
You will then be asked to enter a secure password by the ssh-keygen tool. Whether you want to use a passphrase it’s up to you, if you choose to use a passphrase you will get an extra layer of security. As SSH is useful for fully automated procedures, most developers and system administrators utilise it without a password.
Simply press Enter if you don't want to enter a passcode.
Output
Enter passphrase (empty for no passphrase):
If you want to be sure the SSH keys are generated, you can list your public and private keys with:
ls ~/.ssh/id_*
Output
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub
3) Copy the public key
Once you've generated the SSH key pair, the public key needs to be copied to the server you wish to manage, so you can access it without a password.
If you want to copy your public key to your server, you can use ssh-copy-id
.
ssh-copy-id remote_username@server_ip_address
You will be prompted to enter the remote_username password:
Output
remote_username@server_ip_address's password:
As soon as a user is authenticated, the public key will be added to the remote user's authorized_keys
file, and the connection will be closed.
The following command can be used if the ssh-copy-id
utility is not available on your computer:
cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
4) Login to your server using SSH keys
You should be able to get into the remote server without having to enter a password after following the procedures above.
Simply login to your server through SSH to test it:
ssh remote_username@server_ip_address
You'll be logged in right away if everything went smoothly.
Disabling SSH Password Authentication
You can disable SSH password authentication to offer an extra layer of security to your server.
Make sure you can log in to your server without a password and that the user you're logging in with has sudo rights before deactivating SSH password authentication.
1) Use SSH keys to connect to your remote server, either as a user with sudo capabilities or as root:
ssh sudo_user@server_ip_address
2) Search for the following directives in the SSH configuration file /etc/ssh/sshd_config
and edit them as follows:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Save the file and restart the SSH service once you're finished.
Run the following command on an Ubuntu or Debian server:
sudo systemctl restart ssh
Run the following command on a CentOS or Fedora server:
sudo systemctl restart sshd
FAQ's to setup passwordless ssh login
Why should I set up passwordless SSH login?
Passwordless SSH login provides convenience by eliminating the need to enter passwords repeatedly. Additionally, it enhances security by using public and private key pairs for authentication.
How do I generate SSH key pairs?
SSH key pairs can be generated using the ssh-keygen
command-line tool. It creates a public key file and a private key file
How can I copy my public key to the remote server?
You can use the ssh-copy-id
command to automatically copy your public key to the remote server. It will add the necessary entries to the remote server's authorized_keys
file.
Can I set a passphrase for my private key?
Yes, you can set a passphrase for your private key during the key generation process. It provides an additional layer of security.
What happens if I lose my private key?
If you lose your private key, you will no longer be able to authenticate to remote servers using that key. It is recommended to generate a new key pair and update the public key on each remote server.
Can I use passwordless SSH login for SSH tunneling or port forwarding?
Yes, passwordless SSH login can be used for SSH tunneling or port forwarding, providing secure access to services on remote servers.
How can I troubleshoot issues with setting up passwordless SSH login?
Common issues with passwordless SSH login include incorrect permissions on key files or incorrect settings on the remote server. Checking file permissions and examining the server's logs can help identify and resolve such issues.
Conclusion
By utilizing public-key cryptography, passwordless SSH login enhances security while providing a streamlined authentication process.
By following the steps outlined in the tutorial, you can establish a reliable and efficient passwordless SSH login system. This allows you to save time, improve productivity, and maintain a secure connection to your remote systems.
If you have any queries, please leave a comment below and we’ll be happy to respond to them for sure.