Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Linux: Configuring Passwordless Login via SSH ====== Also Part of: [[:computer_science:linux:hardening:hardening_linux_servers|Hardening Linux Servers]] ===== Summary of Steps: ===== - Make Public / Private Key Pair - Add Public Key to Server - Verify Passwordless Login Works - Disable Password Login on Server ===== Guide ===== ==== Generating Public / Private Key Pair ==== <code bash> ssh-keygen -t rsa </code> ==== Add Public Key to Server ==== === Manual Way === Go to .ssh under your home directory <code bash> cd ~/.ssh </code> Info: In case you don't have a ".ssh" directory, create it and set the permissions to 700 <code bash> mkdir .ssh && sudo chmod 700 .ssh </code> Inside you should have a file called "authorized_keys". If you do not, make it and set the permissions to 600 <code bash> touch authorized_keys && sudo chmod 600 authorized_keys </code> Copy your public key from *.pub to authorized_keys. It should look something like this: <code bash> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVtv5prVJ[.....] </code> ---- === Automatic / Easy Way === <code bash> ssh-copy-id user@remote-host </code> ==== Verify that the Passwordless Login Works ==== ==== Disable Login via Password ==== __**Important!**__ Be 110% sure the passwordless login works, else you will lock yourself out. Edit the file "sshd_config" <code bash> nano /etc/ssh/sshd_config </code> Update / Confirm the following 3 values: <code bash> PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no </code> Restart the service with: <code bash> sudo systemctl restart sshd </code> ====== Using per-host SSH configuration ====== ===== Edit your .ssh/config ===== <code> sudo nano ~/.ssh/config </code> ~/.ssh/config eg: <code>Host opportunity HostName 10.20.30.40 User remoteUser IdentityFile ~/.ssh/privateKey </code> Connect with: <code> ssh opportunity </code> CKG Edit computer_science/linux/hardening/linux_passwordless_ssh_login.txt Last modified: 2023/12/01 12:07by 127.0.0.1