engineering:computer_science:linux:hardening:linux_passwordless_ssh_login

Differences

This shows you the differences between two versions of the page.

engineering:computer_science:linux:hardening:linux_passwordless_ssh_login [2024/08/16 13:56] – removed - external edit (Unknown date) 127.0.0.1
engineering:computer_science:linux:hardening:linux_passwordless_ssh_login [2024/08/16 13:56] (current) – ↷ Links adapted because of a move operation carlossousa
Line 1: Line 1:
 +====== Linux: Configuring Passwordless Login via SSH ======
 +
 +Also Part of: [[engineering:computer_science:linux:hardening:hardening_linux_servers|Hardening Linux Servers]]
 +
 +===== Summary of Steps: =====
 +
 +  - Make Public / Private Key Pair
 +  - Add Public Key to Server
 +  - Verify Passwordless Login Works
 +  - Disable Password Login on Server
 +
 +===== Guide =====
 +
 +==== Generating Public / Private Key Pair ====
 +
 +<code bash>
 +ssh-keygen -t rsa
 +
 +
 +</code>
 +
 +==== Add Public Key to Server ====
 +
 +=== Manual Way ===
 +
 +Go to .ssh under your home directory
 +
 +<code bash>
 +cd ~/.ssh
 +
 +
 +</code>
 +
 +Info: In case you don't have a ".ssh" directory, create it and set the permissions to 700
 +
 +<code bash>
 +mkdir .ssh && sudo chmod 700 .ssh
 +
 +
 +</code>
 +
 +Inside you should have a file called "authorized_keys". If you do not, make it and set the permissions to 600
 +
 +<code bash>
 +touch authorized_keys && sudo chmod 600 authorized_keys
 +
 +
 +</code>
 +
 +Copy your public key from *.pub to authorized_keys. It should look something like this:
 +
 +<code bash>
 +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVtv5prVJ[.....]
 +
 +
 +</code>
 +
 +----
 +
 +=== Automatic / Easy Way ===
 +
 +<code bash>
 +ssh-copy-id user@remote-host
 +
 +
 +</code>
 +
 +==== Verify that the Passwordless Login Works ====
 +
 +==== Disable Login via Password ====
 +
 +__**Important!**__  Be 110% sure the passwordless login works, else you will lock yourself out.
 +
 +Edit the file "sshd_config"
 +
 +<code bash>
 +nano /etc/ssh/sshd_config
 +
 +
 +</code>
 +
 +Update / Confirm the following 3 values:
 +
 +<code bash>
 +PasswordAuthentication no
 +ChallengeResponseAuthentication no
 +UsePAM no
 +
 +
 +</code>
 +
 +Restart the service with:
 +
 +<code bash>
 +sudo systemctl restart sshd
 +
 +
 +</code>
 +
 +
 +====== Using per-host SSH configuration ======
 +
 +===== Edit your .ssh/config =====
 +
 +<code>
 +sudo nano ~/.ssh/config
 +
 +</code>
 +
 +~/.ssh/config eg:
 +
 +<code>Host opportunity
 +    HostName 10.20.30.40
 +    User remoteUser
 +    IdentityFile ~/.ssh/privateKey
 +
 +</code>
 +
 +Connect with:
 +
 +<code>
 +ssh opportunity
 +
 +</code>
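
Review bot: The "Verify that the Passwordless Login Works" heading is added with no body, while the very next section warns that a failed key login means a lockout, so the one step that prevents that outcome has no instructions. Add the check there, for example connecting from a second terminal with `ssh -o PasswordAuthentication=no user@remote-host` while the existing session stays open, and run `sudo sshd -t` before the `sudo systemctl restart sshd` so a typo in `sshd_config` is caught before the daemon restarts. In the three config values, `UsePAM no` goes further than disabling password login, because it also switches off PAM account and session handling; `PasswordAuthentication no` together with `ChallengeResponseAuthentication no` (named `KbdInteractiveAuthentication` in newer OpenSSH releases) covers what the section describes. The `sudo` in `sudo chmod 700 .ssh`, `sudo chmod 600 authorized_keys` and `sudo nano ~/.ssh/config` is not needed for files in the user's own home directory, and with the editor it can leave a root-owned `~/.ssh/config` that the user cannot edit afterwards.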