How to setup passwordless SSH login in Linux?

SSH or Secure Shell is a cryptographic network protocol for securely getting access to a remote computer using a terminal. It provides a secure channel over the unsecured network to execute commands and operate a system remotely.

There are various different ways to authenticate users who are going to connect to a remote server using ssh. Password-based authentication and public-key-based authentication are the most widely used methods.

In this article, we will discuss how to set up a passwordless ssh login using public key-based authentication on a Linux system.

Prerequisites

In order to complete this guide, you should have the following.

  • Access to a user account with superuser privileges
  • SSH access to a remote server in terminal

Setup ssh key-based authentication

SSH uses public-key cryptography to authenticate the remote computer. It is a robust and more secure alternative to logging in with an account password. Asymmetric cryptographic algorithms are used to generate a pair of keys one is private which is kept secret and store in a local computer and the other one is the public key which can be shared anywhere.

Before you generate ssh keys check whether you already have these on your system if yes then you can use the existing one otherwise go and create ssh keys.

Use the given command to check if this file already exists on your system –

ls -al ~/.ssh/id_*.pub

If you see output like file or directory not found or match not found then go to the next step to create ssh keys pair.

Create a new SSH key pair

On your system open the terminal and use the following command to generate the SSH key pair (RSA keys) –

ssh-keygen -t rsa

This will prompt you to enter the following for the keypair that will be generated –

Filename – Enter the filename and press enter to proceed if you don’t pass any name it will proceed with the default one i.e. id_rsa

Passphrase – Enter at least a five-character password and retype it if asked again and press enter. You can skip it also but protecting your keys with a password is a good idea. Now a pair of public and private keys will be generated inside the .ssh directory in your current working directory.

Copy the public key to the remote server

To manage the remote server from your local computer you need to upload the public key on it. Use the following command to copy the public key to the remote server.

ssh-copy-id user@server-ip-address

For example –

ssh-copy-id [email protected]

This will prompt you to enter the remote user login password and then the key will be added to the file authorized_keys on the remote server.

Log in to the remote server using SSH key-based authentication method

Now everything has been set up you can use the following command to log in on the remote server.

ssh [email protected]_ip_address

For example –

ssh [email protected]

If you protected your ssh key pair with a password then a window will open asking you to enter the password. Once you enter the password to open this file you will get connected to the remote server.

Disable server password authentication

Before you disable the password authentication on your remote server make sure you are login to that server with the public key authentication method.

Use the given command to login into the remote server with the public key authentication method –

ssh [email protected]_ip_address

Next open and modify the ssh configuration file i.e. /etc/ssh/sshd_config use –

sudo nano /etc/ssh/sshd_config

In this configuration file find the given directive and modify it as given below.

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

You can see this configuration file in the given image.

Save this file and exit.

Next reboot your ssh server to make the changes effective, use-

systemctl restart sshd

Conclusion

The ssh key-based authentication is very useful when you are dealing with a large number of servers and you want to automate such as automatic backup using scripts, executing commands remotely, etc.

Now if you have a query then write us in the comments below.

Leave a Comment