====== Linux: Configuring Passwordless Login via SSH ======
Also Part of: [[:computer_science:linux:hardening:hardening_linux_servers|Hardening Linux Servers]]
===== Summary of Steps: =====
- Make Public / Private Key Pair
- Add Public Key to Server
- Verify Passwordless Login Works
- Disable Password Login on Server
===== Guide =====
==== Generating Public / Private Key Pair ====
ssh-keygen -t rsa
==== Add Public Key to Server ====
=== Manual Way ===
Go to .ssh under your home directory
cd ~/.ssh
Info: In case you don't have a ".ssh" directory, create it and set the permissions to 700
mkdir .ssh && sudo chmod 700 .ssh
Inside you should have a file called "authorized_keys". If you do not, make it and set the permissions to 600
touch authorized_keys && sudo chmod 600 authorized_keys
Copy your public key from *.pub to authorized_keys. It should look something like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVtv5prVJ[.....]
----
=== Automatic / Easy Way ===
ssh-copy-id user@remote-host
==== Verify that the Passwordless Login Works ====
==== Disable Login via Password ====
__**Important!**__ Be 110% sure the passwordless login works, else you will lock yourself out.
Edit the file "sshd_config"
nano /etc/ssh/sshd_config
Update / Confirm the following 3 values:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Restart the service with:
sudo systemctl restart sshd
====== Using per-host SSH configuration ======
===== Edit your .ssh/config =====
sudo nano ~/.ssh/config
~/.ssh/config eg:
Host opportunity
HostName 10.20.30.40
User remoteUser
IdentityFile ~/.ssh/privateKey
Connect with:
ssh opportunity