means, in English, that in Spanish it would be “Security Shield”. This is an open source network protocol that can be used to log into servers and execute commands remotely, which is great for !
There are two ways to enable SSH:
- Password-based authentication
- Public Key Based Authentication
Public key-based authentication is also known as passwordless SSH.
Why use SSH without a password?
Sometimes we may find passwords difficult to remember and inconvenient, especially if we are in an environment where we need to enter a password frequently.
Some advantages of using passwordless SSH are:
- It offers an easy and non-interactive login. Users do not have to type the password for each new session.
- It is a more secure alternative compared to passwords as it works with public-private key cryptography.
- Is more reliable.
- Provides better authentication and authorization management.
- It is a good solution for both small and large infrastructures.
- It is easy to build and maintain.
To start using SSH without , you must generate a public key. In this tutorial, we will focus on how to do it in SSH version 2, which is the latest and most secure protocol.
Login to your VPS server using SSH, and you’re ready to go!
First, you can check if the SSH key for the client machine already exists. This will avoid overwriting the current settings. You can use the following command to find out:
ls -al ~/.ssh/id_*.pub
If you find an existing key you can: skip the SSH key generation steps, override the current settings, or create a backup of the existing key. If the key does not exist, you will see the following output:
ls: cannot access /users/appsadm/.ssh/id_*.pub: No such file or directory
Now you can proceed to generate the SSH key.
Passwordless SSH on Ubuntu and CentOS
To generate a public and private key on Ubuntu or CentOS, use the command:
ssh-keygen -t rsa
The -t option means type, while RSA is the protocol used for key generation. RSA is the default type, so you can also use the simpler version of the command: ssh-keygen.
The default key is 2048 bits. However, if you want stronger security, you can change the value to 4096 bits. In that case, the command will be:
ssh-keygen -t rsa -b 4096
This is an interactive key generation process and you will be asked a few questions, such as:
- Enter the file where you will save the key (/home/.ssh.id_rsa)
- Enter the passphrase (empty if you want to leave it without a passphrase)
You can press enter for both questions and the system will default to the values. The passphrase is a string of characters, used to encrypt the private key; however, it is not mandatory and can be left blank. The private key will be saved in the default location: .ssh/id_rsa.
The public key will be saved to the file .ssh/id_rsa.pub. This will complete the key generation step. You can check the files using any editor.
Copy the public key to enable passwordless SSH
Copying the public key to a target machine can be done in three ways:
- Using the ssh-copy-id command
- Using SSH
- manually
The first option is the most preferred and the fastest. The command ssh-copy-id it is included by default in most versions of Linux. In case you have problems using ssh-copy-id or you don’t have access to this command, you can try the following options.
Method 1: Use the ssh-copy-id command
The basic syntax to use this command is as follows:
ssh-copy-id remote_username@remote_IP_Address
By typing it you will receive a message with the password of the remote machine. Once authentication is successful, the generated SSH public key will be added to the remote machine’s authorized_keys file. After adding the key, the connection will be closed automatically.
Method 2: Copy the private key using SSH
The following method uses SSH to copy the private key. You can use this alternative when you have access to the server with SSH password. The following command will take care of the process. You just need to enter the username and IP address of the remote machine.
cat ~/.ssh/id_rsa.pub | ssh remote_username@remote_ip_address “mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys”
This will add the key to the remote machine’s authorized_keys file.
Method 3: Manually copy the public key
The third method is a bit more difficult as it is completely manual. However, in case the other methods don’t work, you can use this one! You will need to manually add the file content id_rsa.pub to file ~/.ssh/authorized_keys from the remote server.
In the source method, you can display the content of the file id_rsa.pub using the vi editor or the cat command:
cat ~/.ssh/id_rsa.pub
This will display output containing the key, which begins with ssh-rsa. Copy it! Then, on the remote server, log in and create the .ssh file if it doesn’t exist.
mkdir -p ~/.ssh
Similarly, you can create the file authorized_keys. Add the copied SSH public key to the empty file as shown below:
echo SSH_public_key >> ~/.ssh/authorized_keys
SSH_public_key it would be the public key that you copied from the source machine. start with ssh-rsa.
Once you copy the key, you can provide the necessary permissions to the remote servers .ssh directory using the chmod command.
chmod -766 ~/.ssh
Test SSH without a password
If you made it this far and did everything, you should have enabled passwordless SSH successfully and done the basic setup. To test the feature, you can try to access the remote server through the origin server. The command syntax would look like this:
ssh remote_username@remote_IP_Address
If everything worked fine, you’ll be able to log in automatically without having to enter your password.
How to disable passwordless SSH
If you decide that passwordless SSH is not for you, you can disable it by following the steps below. To make this change, open the SSH configuration file: /etc/ssh/ssh_config. Again, any editor will work, in our case we used nano. Here you will find an entry with the command PasswordAuthentication. Modify the lines as shown:
PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no
Once you’ve changed this, save the file and restart SSH. Here’s how to do it in Ubuntu 18.04:
sudo systemctl restart ssh
and the command for Cent OS 7:
sudo systemctl restart sshd
In conclusion
With that said, our tutorial on passwordless SSH would be complete. We cover setting up passwordless SSH, how it works, and how to disable it. We hope this tutorial has been useful to you! Remember, keep your computer safe, better safe than sorry!
Deyi is a digital marketing enthusiast, with a background in web design, content creation, copywriting, and SEO. She is part of ‘s SEO & Localization team. In her free time, she likes to develop projects, read a book or watch a good movie.
Facebook Comments
Disqus