How to Setup Passwordless SSH Login in Linux 2024

How to Setup Passwordless SSH Login

Looking to establish a secure connection between your client and server? Look no further than Secure Shell (SSH). As a popular cryptographic network protocol, SSH supports a variety of authentication mechanisms, including password-based and public key-based.

In this tutorial, we’ll guide you through the process of setting up SSH key-based authentication and demonstrate how you can connect to your Linux server without having to enter a password. Ensure the safety and security of your network with SSH.

How to Setup SSH Passwordless Login

To establish a password-free SSH login on Linux, simply generate a public authentication key and add it to the ~/.ssh/authorized_keys file on the remote host.

Follow the step-by-step process for configuring passwordless SSH login:

1. Check for existing SSH key pair:
To avoid overwriting existing SSH keys, it is recommended to check if an SSH key pair already exists on your client machine before generating a new one.

You can use the following ls command to see if any SSH keys are present:

ls -al ~/.ssh/id_*.pub

If you find existing keys, you can choose to use them instead of generating a new one or back them up before generating a new key pair.

If the command returns No such file or directory or no matches found you can proceed with generating a new SSH key pair.

2. Make a new SSH key pair:
To generate a new 4096-bit SSH key pair with your email address as a comment, use the following command:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

You can optimize the process by accepting the default file location and file name by pressing Enter when prompted:

Output

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

The ssh-keygen tool will also ask you if you want to use a passphrase for an extra layer of security. While it’s optional, using a passphrase is highly recommended for better protection. However, some developers and system administrators prefer not to use a passphrase for fully automated processes. If you choose not to use a passphrase, just press Enter.

Output

Enter passphrase (empty for no passphrase):

This whole process will look like this:

generate a new SSH key pair

To ensure the SSH keys are generated you can list new private and public keys with by the following command:

ls ~/.ssh/id_*

Output

/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub

3. Copy the public key:
To enable passwordless login to your server after generating an SSH key pair, it’s essential to copy the public key to your server. The most convenient way to accomplish this task is by using the ssh-copy-id command.

To get started, launch your local machine terminal and input the following command:

ssh-copy-id remote_username@server_ip_address

After that, you’ll be asked to provide the remote_username password:

Output

remote_username@server_ip_address's password:

After the user gets authenticated, the public key will then be appended to the remote user authorized_keys file and the connection will be terminated.

In the event that ssh-copy-id is not available on your local computer, you can utilize the following command to copy the public key:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

4. Login with SSH key :
Once you’ve completed the above steps you can easily log in to the remote server without being asked for any password.

Testing the connection is as easy as attempting to log in via SSH with the command:

ssh remote_username@server_ip_address

If the process was successful, you’ll be granted immediate access to your server.

How to disable SSH Password Authentication

If you’re looking to improve the security of your server, consider disabling password authentication for SSH. Before doing so, ensure that you’re able to log in without a password and that the user you’re logging in with has sudo privileges.

Check out how to configure sudo access:
How To Create a Sudo User on Ubuntu or Debian

Once you’ve established secure login, connect to your remote server using SSH keys as a user with sudo privileges or root:

ssh sudo_user@server_ip_address

Search and modify the SSH configuration file /etc/ssh/sshd_config by adding the following directives:

/etc/ssh/sshd_config


PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Save the changes and restart the SSH service.

For Ubuntu and Debian servers, enter the following command:

sudo systemctl restart ssh

For CentOS or Fedora servers, enter the following command:

sudo systemctl restart sshd

Conclusion

In this step-by-step guide, we showed you how to easily configure SSH key-based authentication, enabling hassle-free access to your remote server without the need for a user password. By using this technique, you can also streamline access to multiple remote servers using the same key.

Furthermore, we provided you with expert advice on how to increase the security of your server by disabling SSH password authentication and adding an additional layer of protection to your server.

If you still have any queries or suggestions regarding our tutorial, don’t hesitate to leave a comment below.

James

James

Hi, this is James, a tech specialist and a core member of the TrioTeam. I like to research and write content about various interesting things especially tech-related stuff, and also have an interest in philosophical discussion. I have been writing solutions for technical problems, how-to tutorials, technology reviews, tools and websites, and so on for TrioGuide.

We will be happy to hear your thoughts

Leave a reply

TrioGuide
Logo