Linux: Configuring Passwordless Login via SSH
Also Part of: Hardening Linux Servers
Summary of Steps:
- Make Public / Private Key Pair
- Add Public Key to Server
- Verify Passwordless Login Works
- Disable Password Login on Server
Guide
Generating Public / Private Key Pair
ssh-keygen -t rsa
Add Public Key to Server
Manual Way
Go to .ssh under your home directory
cd ~/.ssh
Info: In case you don't have a “.ssh” directory, create it and set the permissions to 700
mkdir .ssh && sudo chmod 700 .ssh
Inside you should have a file called “authorized_keys”. If you do not, make it and set the permissions to 600
touch authorized_keys && sudo chmod 600 authorized_keys
Copy your public key from *.pub to authorized_keys. It should look something like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVtv5prVJ[.....]
Automatic / Easy Way
ssh-copy-id user@remote-host
Verify that the Passwordless Login Works
Disable Login via Password
Important! Be 110% sure the passwordless login works, else you will lock yourself out.
Edit the file “sshd_config”
nano /etc/ssh/sshd_config
Update / Confirm the following 3 values:
PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no
Restart the service with:
sudo systemctl restart sshd
Using per-host SSH configuration
Edit your .ssh/config
sudo nano ~/.ssh/config
~/.ssh/config eg:
Host opportunity HostName 10.20.30.40 User remoteUser IdentityFile ~/.ssh/privateKey
Connect with:
ssh opportunity