This post shows students and new users steps to install and configure SSH with key login with no password or passwordless. SSH supports various authentication methods. Using a public key is more secure and convenient than traditional password authentication.
Secure Shell (SSH) is a communication protocol that allows for secure communication between networked computers. Using this post, you’ll learn how to set up an SSH key-based authentication on Ubuntu Linux and log in without entering a password.
If you’re a webmaster or an IT professional managing an SSH server, the most secure way is to set up passwordless authentication and only allow public keys.
Also, for students and new users learning Linux, Ubuntu Linux is the easiest place to start learning. Ubuntu is the modern, open-source Linux operating system for desktops, servers, and other devices.
To set up key-based SSH authentication on Ubuntu, follow the steps below.
How to create SSH keys on Ubuntu Linux
As mentioned above, key-based authentication is the most secure way to log on to an SSH server. If you haven’t already created an SSH key, run the commands below to create one.
The command below generates a new 4096 bits SSH key pair with your email address as a comment.
ssh-keygen -t rsa -b 4096 -C "your_username@example.com"
After running the commands above, you’ll be prompted to specify a filename for the keys. In most cases, the default location and filename should work.
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
Next, you’ll be asked to type a secure passphrase. A passphrase adds an extra layer of security, so you must type the passphrase before you use the key to log in to the remote machine.
Enter passphrase (empty for no passphrase):
Press ENTER without typing a passphrase.
On your screen, the entire interaction should look similar to the one below.
Generating public/private rsa key pair. Enter file in which to save the key (/home/richard/.ssh/id_rsa): Created directory '/home/richard/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/richard/.ssh/id_rsa Your public key has been saved in /home/richard/.ssh/id_rsa.pub The key fingerprint is: SHA256:F217Tplf9iVDvyTRBRfkeXEdQfCugtgC16BrpRqQYpE admin@example.com The key's randomart image is: +---[RSA 4096]----+ | .=OO| | . . +.*| | E . . o..=.| | o . o o oo+.| |.+ o oS.. ..Bo=| |o . * o.. ++==| | . + o o . ...o| | + . . | | . | +----[SHA256]-----+
Once done, two new files should be created in your home directory (id_rsa and id_ras.pub).
That’s it! You have successfully created a key pair.
How to copy the public key on Ubuntu
Now that you have a keypair, your next step is to copy your public key to the removed SSH server. There are multiple ways to do it. The easiest and recommended way to copy the public key to the server is to use the ssh-copy-id tool.
Run the command below to copy your public key to a remote server.
ssh-copy-id username@server_ip_address
Replace the username and server_ip_address with your account on the remote server.
Since key-based authentication isn’t yet configured, you’ll be prompted to type in your SSH password.
Once authenticated, the public key ~/.ssh/id_rsa.pub will be appended to the remote user ~/.ssh/authorized_keys file, and the connection will be closed.
richard@10.0.2.17's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'richard@10.0.2.17'" and check to make sure that only the key(s) you wanted were added.
How to configure SSH for passwordless login
After you’ve copied your public key, the next step is turning off password authentication.
Log on to the remote server with your password, then open the SSH configuration file by running the commands below.
sudo nano /etc/ssh/sshd_config
In the file, find the lines below and change the value to match these.
PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no
Save the file and exit.
Restart the SSH server on the remote host.
sudo systemctl restart ssh
After that, password login should be disabled.
Next type simply typing the command below will log you in without a password prompt.
ssh username@server_ip_address
That should do it!
Conclusion:
This post showed you how to set up key-based SSH authentication on Ubuntu Linux. Please use the comment form if you find errors or want to add something below.
Leave a Reply