
SSH, or Secure Shell, is the most trusted open-source network protocol used for secure connections between a client and a remote server. It is also used to transfer files over the network using the SCP protocol. In this article, we will show how to set up passwordless login using SSH keys to connect to remote servers.
Setup SSH Passwordless Login
It’s a very secure way to connect to a remote server without entering a password.
First, you need to generate a public authentication key on your client and append it to the remote host’s ~/.ssh/authorized_keys file.
Perform the below steps to configure passwordless SSH login:
1. Generate SSH Key pair
Before generating a new key pair, check whether one already exists on your client machine; otherwise the new key will overwrite it.
Use the following command to generate a new SSH key pair:
ssh-keygen -t rsa
Hit Enter to accept the default file location and file name:
Enter file in which to save the key (/home/username/.ssh/id_rsa):
In the path above, username will be the system username you are logged in as.
Next, it will ask you to type a passphrase. Setting a passphrase is optional: enter one if you want to add more security. If you don’t want to set a passphrase, just leave it empty and press Enter to go ahead.
Enter passphrase (empty for no passphrase):
The whole screen will look something like this:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tecnstuff/.ssh/id_rsa):
Created directory '/home/tecnstuff/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/tecnstuff/.ssh/id_rsa.
Your public key has been saved in /home/tecnstuff/.ssh/id_rsa.pub.
The key fingerprint is:
3g:bc:20:10:8c:e1:9b:48:b3:b0:f8:05:77:c2:fd:c2 admin@tecnstuff.net
The key's randomart image is:
+--[ RSA 2048]----+
| ..oooD.++|
| o. o.o |
| .. . |
| o . . o|
| P . . + |
| . . . o|
| . o o ..|
| + + |
| +. |
+-----------------+
To list the generated ssh keys, type:
ls ~/.ssh/id_*
/home/tecnstuff/.ssh/id_rsa /home/tecnstuff/.ssh/id_rsa.pub
2. Copy public key to host
Now we have the SSH key pair generated on our client machine and need to copy the public key to the remote host to make a connection.
The common way to copy your public key to your remote server is the ssh-copy-id command. Type the following in your local terminal:
ssh-copy-id REMOTE_USER@SERVER_IP_ADDRESS
It will prompt you to enter the password for the remote user. In our example it will look like:
tecnstuff@55.44.22.11's password:
On successful authentication, the public key will be appended to the remote user’s authorized_keys file and the connection will be closed.
Alternatively, you can append the public key over SSH:
cat ~/.ssh/id_rsa.pub | ssh tecnstuff@55.44.22.11 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
3. Login to your server using SSH keys
After completing the setup, you should be able to connect to the remote server without a password. Execute the command below in your client terminal to log in:
ssh tecnstuff@55.44.22.11
That’s it! If your setup has no issues, you will be logged in immediately.
Disable SSH Password Authentication
Disabling SSH password authentication adds another layer of security to the server.
Follow the below steps to disable ssh password authentication:
1. Connect to your server using SSH keys as root or a user with sudo privileges:
ssh REMOTE_USER@SERVER_IP_ADDRESS
2. Edit the SSH configuration file /etc/ssh/sshd_config, search for the PasswordAuthentication directive and set it to no as follows:
PasswordAuthentication no
Save and close the file.
3. Restart SSH Service
For the changes to take effect, we need to restart the SSH service.
For Ubuntu or Debian servers, run the following command:
sudo systemctl restart ssh
For CentOS or Fedora servers, type:
sudo systemctl restart sshd
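A check worth running before the restart in step 3, given here as an added example that is not part of the original article: it reports which PasswordAuthentication value the global section of a config file actually yields, because sshd keeps the first value it reads for a keyword. The function names and the sample config are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original article.
# sshd keeps the FIRST value it reads for a keyword, so appending
# "PasswordAuthentication no" below an active "yes" changes nothing.
# Assumptions of this sketch: Include files are not followed, and parsing
# stops at the first Match block (only the global section is reported).

effective_sshd_option() {
    # $1 = config file, $2 = keyword, $3 = sshd's built-in default
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)    # keyword, then value
            key = tolower(f[1])              # keywords are case-insensitive
            if (key == "match") exit         # global section ends here
            if (key == want && n >= 2) { val = tolower(f[2]); found = 1; exit }
        }
        END { print (found ? val : dflt) }
    ' "$1"
}

password_auth_disabled() {
    # Succeeds only if the global effective value is "no" (sshd default: yes).
    [ "$(effective_sshd_option "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample config: the lowercase "yes" is read first and wins.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
#PasswordAuthentication no
Port 22
passwordauthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF

if password_auth_disabled "$sample_cfg"; then
    echo "password logins are disabled"
else
    echo "password logins still enabled: an earlier line overrides yours"
fi
rm -f "$sample_cfg"
```

On the server itself, sudo sshd -t checks the file for errors and sudo sshd -T prints the configuration sshd will really use. Keep your current session open and confirm a key-based login from a second terminal before closing it.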
Conclusion
You have successfully learned how to set up passwordless SSH login to connect to your remote server. We also showed you how to disable SSH password authentication to add an extra level of security.
If you have any questions or feedback, leave a comment below.