How to Set Up Passwordless SSH Login

SSH, or Secure Shell is most trusted open-source network protocol used for secure connection between a client and remote server. It also used to transfer files over the network using SCP protocol. In this article, we will show how to set up passwordless login using ssh keys to connect remote servers.

Setup SSH Passwordless Login#

It’s a very secure way to connect remote server without entering password.

First, you need to generate a public authentication key on your client and append it to the remote hosts ~/.ssh/authorized_keys file.

Perform the below steps to configure passwordless SSH login:

1. Generate SSH Key pair#

Before generating a new key pair check if you have already on your client machine otherwise it will overwrite it.

Use the following command to generate a new SSH key pair:

ssh-keygen -t rsa

Hit Enter to accept the default file location and file name:

Enter file in which to save the key (/home/username/.ssh/id_rsa):

In above username will be your system username in which you are logged in.

Next, it will ask you to type passphrase. It’s optional to set passphrase, whether you want to add more security enter it otherwise not. If you don’t want to set passphrase just leave empty and press Enter to go ahead.

Enter passphrase (empty for no passphrase):

It whole screen will look something like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecnstuff/.ssh/id_rsa):
Created directory '/home/tecnstuff/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/tecnstuff/.ssh/id_rsa.
Your public key has been saved in /home/tecnstuff/.ssh/id_rsa.pub.
The key fingerprint is:
3g:bc:20:10:8c:e1:9b:48:b3:b0:f8:05:77:c2:fd:c2 admin@tecnstuff.net
The key's randomart image is:
+--[ RSA 2048]----+
|        ..oooD.++|
|         o. o.o  |
|          ..   . |
|         o  . . o|
|        P .  . + |
|       . .    . o|
|      . o o    ..|
|       + +       |
|        +.       |
+-----------------+

To list the generated ssh keys, type:

ls ~/.ssh/id_*

/home/tecnstuff/.ssh/id_rsa /home/tecnstuff/.ssh/id_rsa.pub

2. Copy public key to host#

Now we have he ssh key pair generated on our client machine and need to copy to the remote host to make connection.

Common way to copy your public key to your remote server using ssh-copy-id command. Type as following on your local terminal:

ssh-copy-id REMOTE_USER@SERVER_IP_ADDRESS

It will prompt to enter password for remote username. In our example it will look like:

tecnstuff@55.44.22.11's password:

On success authentication, the public key will be appended to the remote user’s authorized_keys file and connection will be closed.

Alternatively, you can paste in the keys using SSH:

cat ~/.ssh/id_rsa.pub | ssh tecnstuff@55.44.22.11 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

3. Login to your server using SSH keys#

After complete set up you should able to connect to remote server without password. Execute the below command to your client terminal to login:

ssh tecnstuff@55.44.22.11

That’s it! If your setup have no issues your will be logged in immediately.

Disable SSH Password Authentication#

Disable ssh password authentication is a another security layer for server.

Follow the below steps to disable ssh password authentication:

1. Connect your server using SSH keys as root or user with sudo privileges:

ssh REMOTE_USER@SERVER_IP_ADDRESS

2. Edit SSH configuration file /etc/ssh/sshd_config and search for PasswordAuthentication directive and set it to no as following:

PasswordAuthentication no

Save and close the file.

3. Restart SSH Service

To take changes in effect we need to restart SSH service.

For Ubuntu or Debian servers, run the following command:

sudo systemctl restart ssh

For CentOS or Fedora servers, type:

sudo systemctl restart sshd

Conclusion#

You have successfully learned how to set up passwordless ssh login to connect your remote server. We also show you how to disable SSH password authentication to add extra security level.

If you have any questions or feedback, leave a comment below.