SSH, also known as Secure Shell, is a network protocol that allows two computers to communicate remotely. It's mainly used when logging in to a remote machine to execute commands. Its security makes it popular as it uses encryption to secure the connection between the client and the server, thus preventing unauthorized access and protecting sensitive data.
Although the SSH protocol supports many authentication methods, the major ones are passwords and public/private key pairs.
Setting up passwordless SSH login is as simple as generating a public/private key pair and adding the public key to the remote host's authorized_keys file.
The authorized_keys file stores the public SSH keys of trusted systems. This allows you to log in automatically using the matching private key.
The default location for the authorized_keys file is
Check for Existing Key Pairs
You can follow the steps shown below to perform the actions above:
- The first step is to check for existing key pairs, preventing you from overwriting existing ones. You can achieve this with the following command.
ls -al ~/.ssh/id_*.pub
- In this case, we are checking the existence of a public SSH key. This can be any filename ending in .pub. You can skip the key generation step if such a file exists on your machine.
- However, if the output shows No such file or directory, you can proceed to the next step and generate new public/private key pairs.
Generate New SSH Key Pair
- The second step is to generate the public/private key pairs. You can achieve this by using the ssh-keygen command.
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
The command above allows you to specify various options for your SSH keys.
The -t flag enables you to select the algorithm used for the keys. In this case, we are using the RSA method, which provides high encryption and security for your SSH keys. You can consider other options such as dsa, ecdsa, and ed25519. Note that OpenSSH has disabled dsa keys by default since version 7.0.
The -b flag allows you to specify the number of bits in the key to create. When using rsa, a key size of at least 2048 bits is recommended. However, you are safer using
The -C flag lets you add a comment. In this case, the email address is the comment.
- You will receive a few prompts, starting with the save location. We recommend using the default location in your home directory, ~/.ssh. Next, ensure that no public/private key pair with the same filename exists in the target directory; if one does, ssh-keygen will prompt you to overwrite the existing keys.
- The next prompt is to enter a passphrase. This step is up to you, but a strong passphrase provides an additional layer of security for the private key. Keep in mind that setting a passphrase will require you to enter it for every login (unless the key is loaded into ssh-agent), which might defeat the purpose of passwordless SSH login, particularly when working with fully automated processes.
- Press Enter if you don't wish to provide a passphrase and complete the key generation process.
- Once complete, you can verify the keys are generated by listing the keys with the following command.
Copy the Public Key to the Server
- Once you have generated your public and private key pairs, the next step is to add the public key to the remote server's authorized_keys file.
- We can use the ssh-copy-id tool to accomplish this easily and efficiently.
- The command syntax is as shown below:
- Where the remote_username refers to the username of the remote user as whom you wish to log in. If you wish to log in as the root user, specify the username as root.
- Next, replace the server_ip_address with the address of your remote machine.
- The first time you run it, the command will prompt you for the remote user's password. Enter the password and press Enter to proceed.
- Upon success, the ssh-copy-id tool will add the public key to the authorized_keys file of the remote server and terminate the connection.
If you do not have the ssh-copy-id command available on your machine, you can use tools such as cat, as shown in the example below:
cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
The command works by reading the contents of the SSH public key with cat and piping it to the ssh command. The quoted block then runs on the server over SSH: it creates the ~/.ssh directory if needed and sets the required permissions on the directory.
Finally, the command appends the contents of the public key to the authorized_keys file and sets sufficient permissions for it.
It is good to remember that this method is prone to error as it can easily lead to overwriting or corruption of the keys in the authorized_keys file. Instead, we recommend using the
If you are on Ubuntu or any Debian-based distribution, you can install it by running the command:
sudo apt-get install ssh-client -y
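Where the manual cat method described above is the only option, the append can be made safer. The script below is an added example, not code from the original article: a hypothetical helper, install_pubkey, that validates the key line, skips keys that are already present, never joins two keys on one line, and sets the 700/600 permissions. The function name, its arguments, and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. install_pubkey is a hypothetical
# helper; run it on the server, pointing it at the target account's ~/.ssh.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    # A .pub file is one line: "<type> <base64> [comment]". Take the first real line.
    key_line=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pubkey_file" 2>/dev/null | head -n 1)
    key_type=${key_line%% *}
    rest=${key_line#* }
    key_blob=${rest%% *}

    # Reject unknown types. This also stops a private key file (first line
    # "-----BEGIN ...") from being appended to authorized_keys by mistake.
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: not a supported public key" >&2; return 2 ;;
    esac
    # The key data must be non-empty and contain only base64 characters.
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected: malformed key data" >&2; return 2 ;;
    esac

    (
        umask 077   # anything created below is owner-only from the start
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        touch "$auth_file" && chmod 600 "$auth_file" || exit 1

        # Already present? Compare type and key data, ignoring comment and options.
        if awk -v t="$key_type" -v b="$key_blob" \
            '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
             END { exit !found }' "$auth_file"; then
            exit 0
        fi
        # If the last line lacks a newline, add one so two keys are never joined.
        [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ] && printf '\n' >> "$auth_file"
        printf '%s\n' "$key_line" >> "$auth_file"
    )
}

# Demo in a scratch directory with a constructed (not real) key; run twice.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyNotReal demo@example' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && install_pubkey "$demo/id.pub" "$demo/.ssh"
echo "authorized_keys entries: $(wc -l < "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```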
Testing the Connection
Once you've completed the previous steps, it should be possible to log in to your remote server without a password. You can confirm this by attempting to log in to your remote server.
Run the SSH connection command as:
The command above should log you in without the need for a password.
In this post, you discovered step-by-step instructions on configuring Passwordless SSH logins using public/private key pairs. Using SSH key pairs allows you to enhance the security of your remote machines by eliminating the need for a password. They also save time and effort when logging in to multiple servers.