How to Set Up Passwordless SSH Login

Ashutosh Roy Choudhury -

Introduction

Before we begin talking about how to set up passwordless SSH login, let's briefly understand - What is SSH?

Secure Shell(SSH), is a network protocol that protects the contents of network packets and is often used by system administrators to access computers on unsecured networks.

Setting up passwordless SSH login is a convenient and secure way to connect to remote servers or devices without the need to enter a password every time. It involves generating and exchanging public and private keys between the local and remote systems, allowing for a seamless and secure connection.

In this tutorial, you will set up an SSH key-based authentication and will also connect to your Linux server without entering a password. We will also address a few FAQs on how to set up passwordless SSH Login.

Setup SSH Passwordless Login

To enable passwordless SSH login on Linux, you only need to generate a public authentication key and attach it to the remote host's /.ssh/authorized keys file.

Here are the steps for configuring passwordless SSH login:

1) Look for existing SSH key pairs.

You don't want to overwrite your existing SSH keys, so check whether you already have an SSH key on your client machine before generating a new key pair.

You can check if SSH keys already exist by using the ls command:

ls -al ~/.ssh/id_*.pub

Alternatively, you can back up the old keys and generate new ones if there is already a key.

The No such file or directory error means that you don't have an SSH key, and you should proceed to the next step and generate one.

2) Generate a new SSH key pair.

Your email address will be included as a comment in the new 4096 bits SSH key pair generated by the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

Accept the default file location and name by pressing Enter:

Output

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

You will then be asked to enter a secure password by the ssh-keygen tool. Whether you want to use a passphrase it’s up to you, if you choose to use a passphrase you will get an extra layer of security. As SSH is useful for fully automated procedures, most developers and system administrators utilise it without a password.

Simply press Enter if you don't want to enter a passcode.

Output

Enter passphrase (empty for no passphrase):

If you want to be sure the SSH keys are generated, you can list your public and private keys with:

ls ~/.ssh/id_*

Output

/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub

3) Copy the public key

Once you've generated the SSH key pair, the public key needs to be copied to the server you wish to manage, so you can access it without a password.

If you want to copy your public key to your server, you can use ssh-copy-id.

ssh-copy-id remote_username@server_ip_address

You will be prompted to enter the remote_username password:

Output

remote_username@server_ip_address's password:

As soon as a user is authenticated, the public key will be added to the remote user's authorized_keys file, and the connection will be closed.

The following command can be used if the ssh-copy-id utility is not available on your computer:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

4) Login to your server using SSH keys

You should be able to get into the remote server without having to enter a password after following the procedures above.

Simply login to your server through SSH to test it:

ssh remote_username@server_ip_address

You'll be logged in right away if everything went smoothly.

Disabling SSH Password Authentication

You can disable SSH password authentication to offer an extra layer of security to your server.

Make sure you can log in to your server without a password and that the user you're logging in with has sudo rights before deactivating SSH password authentication.

1) Use SSH keys to connect to your remote server, either as a user with sudo capabilities or as root:

ssh sudo_user@server_ip_address

2) Search for the following directives in the SSH configuration file /etc/ssh/sshd_config and edit them as follows:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Save the file and restart the SSH service once you're finished.

Run the following command on an Ubuntu or Debian server:

sudo systemctl restart ssh

Run the following command on a CentOS or Fedora server:

sudo systemctl restart sshd

FAQ's to setup passwordless ssh login

Why should I set up passwordless SSH login? 

Passwordless SSH login provides convenience by eliminating the need to enter passwords repeatedly. Additionally, it enhances security by using public and private key pairs for authentication.

How do I generate SSH key pairs?

SSH key pairs can be generated using the ssh-keygen command-line tool. It creates a public key file and a private key file

How can I copy my public key to the remote server?

You can use the ssh-copy-id command to automatically copy your public key to the remote server. It will add the necessary entries to the remote server's authorized_keys file.

Can I set a passphrase for my private key? 

Yes, you can set a passphrase for your private key during the key generation process. It provides an additional layer of security.

What happens if I lose my private key? 

If you lose your private key, you will no longer be able to authenticate to remote servers using that key. It is recommended to generate a new key pair and update the public key on each remote server.

Can I use passwordless SSH login for SSH tunneling or port forwarding? 

Yes, passwordless SSH login can be used for SSH tunneling or port forwarding, providing secure access to services on remote servers.

How can I troubleshoot issues with setting up passwordless SSH login? 

Common issues with passwordless SSH login include incorrect permissions on key files or incorrect settings on the remote server. Checking file permissions and examining the server's logs can help identify and resolve such issues.

Conclusion

By utilizing public-key cryptography, passwordless SSH login enhances security while providing a streamlined authentication process.  

By following the steps outlined in the tutorial, you can establish a reliable and efficient passwordless SSH login system. This allows you to save time, improve productivity, and maintain a secure connection to your remote systems.

If you have any queries, please leave a comment below and we’ll be happy to respond to them for sure.