====== Linux: Configuring Passwordless Login via SSH ======

Also Part of: [[:computer_science:linux:hardening:hardening_linux_servers|Hardening Linux Servers]]

===== Summary of Steps: =====

  - Make Public / Private Key Pair
  - Add Public Key to Server
  - Verify Passwordless Login Works
  - Disable Password Login on Server

===== Guide =====

==== Generating Public / Private Key Pair ====

<code bash>
ssh-keygen -t rsa


</code>

==== Add Public Key to Server ====

=== Manual Way ===

Go to .ssh under your home directory

<code bash>
cd ~/.ssh


</code>

Info: In case you don't have a ".ssh" directory, create it and set the permissions to 700

<code bash>
mkdir .ssh && sudo chmod 700 .ssh


</code>

Inside you should have a file called "authorized_keys". If you do not, make it and set the permissions to 600

<code bash>
touch authorized_keys && sudo chmod 600 authorized_keys


</code>

Copy your public key from *.pub to authorized_keys. It should look something like this:

<code bash>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVtv5prVJ[.....]


</code>

----

=== Automatic / Easy Way ===

<code bash>
ssh-copy-id user@remote-host


</code>

==== Verify that the Passwordless Login Works ====

==== Disable Login via Password ====

__**Important!**__  Be 110% sure the passwordless login works, else you will lock yourself out.

Edit the file "sshd_config"

<code bash>
nano /etc/ssh/sshd_config


</code>

Update / Confirm the following 3 values:

<code bash>
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no


</code>

Restart the service with:

<code bash>
sudo systemctl restart sshd


</code>


====== Using per-host SSH configuration ======

===== Edit your .ssh/config =====

<code>
sudo nano ~/.ssh/config

</code>

~/.ssh/config eg:

<code>Host opportunity
    HostName 10.20.30.40
    User remoteUser
    IdentityFile ~/.ssh/privateKey

</code>

Connect with:

<code>
ssh opportunity

</code>