Looking to establish a secure connection between your client and server? Look no further than Secure Shell (SSH). As a popular cryptographic network protocol, SSH supports a variety of authentication mechanisms, including password-based and public key-based.
In this tutorial, we’ll guide you through the process of setting up SSH key-based authentication and demonstrate how you can connect to your Linux server without having to enter a password. Ensure the safety and security of your network with SSH.
How to Setup SSH Passwordless Login
To establish a password-free SSH login on Linux, simply generate a public authentication key and add it to the ~/.ssh/authorized_keys
file on the remote host.
Follow the step-by-step process for configuring passwordless SSH login:
1. Check for existing SSH key pair:
To avoid overwriting existing SSH keys, it is recommended to check if an SSH key pair already exists on your client machine before generating a new one.
You can use the following ls command
to see if any SSH keys are present:
ls -al ~/.ssh/id_*.pub
If you find existing keys, you can choose to use them instead of generating a new one or back them up before generating a new key pair.
If the command returns No such file or directory
or no matches found
you can proceed with generating a new SSH key pair.
2. Make a new SSH key pair:
To generate a new 4096-bit SSH key pair with your email address as a comment, use the following command:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
You can optimize the process by accepting the default file location and file name by pressing Enter
when prompted:
Output
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
The ssh-keygen
tool will also ask you if you want to use a passphrase for an extra layer of security. While it’s optional, using a passphrase is highly recommended for better protection. However, some developers and system administrators prefer not to use a passphrase for fully automated processes. If you choose not to use a passphrase, just press Enter
.
Output
Enter passphrase (empty for no passphrase):
This whole process will look like this:
To ensure the SSH keys are generated you can list new private and public keys with by the following command:
ls ~/.ssh/id_*
Output
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub
3. Copy the public key:
To enable passwordless login to your server after generating an SSH key pair, it’s essential to copy the public key to your server. The most convenient way to accomplish this task is by using the ssh-copy-id
command.
To get started, launch your local machine terminal and input the following command:
ssh-copy-id remote_username@server_ip_address
After that, you’ll be asked to provide the remote_username password:
Output
remote_username@server_ip_address's password:
After the user gets authenticated, the public key will then be appended to the remote user authorized_keys
file and the connection will be terminated.
In the event that ssh-copy-id is not available on your local computer, you can utilize the following command to copy the public key:
cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
4. Login with SSH key :
Once you’ve completed the above steps you can easily log in to the remote server without being asked for any password.
Testing the connection is as easy as attempting to log in via SSH with the command:
ssh remote_username@server_ip_address
If the process was successful, you’ll be granted immediate access to your server.
How to disable SSH Password Authentication
If you’re looking to improve the security of your server, consider disabling password authentication for SSH. Before doing so, ensure that you’re able to log in without a password and that the user you’re logging in with has sudo
privileges.
Check out how to configure sudo
access:
How To Create a Sudo User on Ubuntu or Debian
Once you’ve established secure login, connect to your remote server using SSH keys as a user with sudo privileges or root:
ssh sudo_user@server_ip_address
Search and modify the SSH configuration file /etc/ssh/sshd_config
by adding the following directives:
/etc/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Save the changes and restart the SSH service.
For Ubuntu and Debian servers, enter the following command:
sudo systemctl restart ssh
For CentOS or Fedora servers, enter the following command:
sudo systemctl restart sshd
Conclusion
In this step-by-step guide, we showed you how to easily configure SSH key-based authentication, enabling hassle-free access to your remote server without the need for a user password. By using this technique, you can also streamline access to multiple remote servers using the same key.
Furthermore, we provided you with expert advice on how to increase the security of your server by disabling SSH password authentication and adding an additional layer of protection to your server.
If you still have any queries or suggestions regarding our tutorial, don’t hesitate to leave a comment below.