≡ Menu

Passwordless SSH Authentication on Linux

There are two ways of achieving passwordless authentication on a Linux Box.

On Debian/Ubuntu you can just type:

$ cd $HOME
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key:

Press Enter each question and you will have a pair of keys ready to use.

You will be asked for a passphrase but if you do not want to insert anything just leave it blank.

This procedure will create one private and one public key.

$ ls .ssh/
id_rsa  id_rsa.pub  known_hosts
The private key must be secured on your box whereas the public key can be copied across
$ ssh-copy-id -i .ssh/id_rsa.pub 192.168.1.30

At this time you will be asked for the password but once the key has been copied you will be able to ssh just perfectly.

As additional security you could lock the account to prevent someone without key to ssh into the box. In order to do that

me@mybox:~$ ssh 192.168.1.30
me@server:~$ su -
password:
root@server:~# usermod -L me
usermod -L

will lock the account “me” preventing anyone using password credentials for that account. You will only be able to access with you trusted ssh-key. If you don’t want anymore the account locked just type:

root@server:~# usermod -U me

-U flag will unlock the account

ON SOME OTHER DISTROS:

the “ssh-copy-id” utility doesn’t exist so you will have to copy it manually.
If you can copy and paste then

$ cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv4k0ChLXCfpF+o/4HcqAqYEivRSHHYsTlXfT4I0jmOAI+MKjVTB/CtKqq4h7KMyXrUUo7vtceac4i2FRSm6PdsWksJXsYxkOj+ZXXD2fOnJIDKfIr41URcZH4qmztYO+/9YYcQudPzNlt9tLx5jrkhI7sLy56OmKRwfrxq+UY7ebt+j7y5DmevJP0u7bzREPUA/rcVoPxH0/u015O2BcaJmNoxR1pNfMC3Oefn1eAkodo6fOa3vHHo7WhSpDL/42xsBWPnOAAEDM9tmOUyCJDc8l4Mzm+TindqY2yL2GPspabaEAV3rfuF9O4Ywe+tVIPc2/YXo9XvQxyXZqHxtcw==== me@mybox

Paste the line into the remote server’s .ssh/authorized_keys file.

REMEMBER that it’s just one line so if during copy and paste you get some new line characters that key won’t work.

If you can’t copy and paste and want to have the confidence the key has been correctly copied just scp the id_rsa.pub to the server

me@mybox:~$ scp .ssh/id_rsa.pub 192.168.1.30:/home/me/
me@server:~$ ssh 192.168.1.30
me@server:~$ cat id_rsa.pub >> .ssh/authorized_keys

For more info

man usermod
man ssh-keygen

Comments on this entry are closed.

Next post:

Previous post:

Copyright © Nish Vamadevan 2002-2017. All Rights Reserved. Terms and Policies.