• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Miguel Ángel Antolín Bermúdez

Personal portfolio & Blog

  • Home
  • Blog & posts
You are here: Home / Engineering / how to / Passwordless auth through SSH

Engineering, how to / 7th April 2020

Passwordless auth through SSH

Passwordless auth through SSH is a new way to login onto your remote hosts. It’s possible to configure your machine to allow your computer to access it through SSH without providing a password each time you try to connect. With this authentication method, we can improve the security and reliability of our server.

Check for existing keys

First, check whether there are already keys on the computer you are using to connect to the machine, run the following command on your terminal:

ls ~/.ssh

If you see files named id_rsa.pub or id_dsa.pub, you have keys set up already, so you can skip the generating keys step (or delete these files with rm id* and make new keys).

Generating a new pair of keys

To generate new SSH keys, run the following command on your terminal:

ssh-keygen

Upon entering this command, you’ll be asked where to save the key. We suggest you save it in the default location (${system.userdir}/.ssh/id_rsa) by just hitting Enter.

If you choose to use a passphrase, type it here and press Enter, then type it again when prompted. Leave the field empty for no passphrase.

Now look inside your .ssh directory:

ls ~/.ssh

and you should see the files id_rsa and id_rsa.pub:

authorized_keys  id_rsa  id_rsa.pub  known_hosts

The id_rsa file is your private key. Keep this on your computer.

The id_rsa.pub file is your public key. This is what you share with machines you want to connect to. When the machine you try to connect to matches up to your public and private key, it will allow you to connect.

Take a look at your public key to see what it looks like:

cat ~/.ssh/id_rsa.pub

It should be in the form:

ssh-rsa <REALLY LONG STRING OF RANDOM CHARACTERS> user@host

Copy your public key to your remote server

Tenable Passwordless auth through SSH and copy your public key to your server, use the following command, on the computer you will be connecting from, to append the public key to your authorized_keys file on the server host, sending it over SSH:

ssh-copy-id <USERNAME>@<IP-ADDRESS>

Note that this time you will have to authenticate with your password.

Alternatively, if the ssh-copy-id is not available on your system, you can copy the file manually over SSH:

cat ~/.ssh/id_rsa.pub | ssh <USERNAME>@<IP-ADDRESS> 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'

Now try ssh <USER>@<IP-ADDRESS> and you should be able to connect with your server without a password prompt.

If you see a message “Agent admitted failure to sign using the key” then add your RSA or DSA identities to the authentication agent ssh-agent then execute the following command:

ssh-add

If this did not work, delete your keys with rm ~/.ssh/id* and follow the instructions again.

Let macOS store your passphrase so you don’t have to enter it each time

If you’re using macOS and after verifying that your new key allows you to connect, you can optionally choose to store the passphrase for your key in the macOS Keychain. This will make it so that you don’t have to enter the passphrase each time you connect to your terminal server.

Run the following command to store it in your keychain:

ssh-add -K ~/.ssh/id_rsa

Disable password authentication on your server

Let’s edit our SSH daemon configuration file to disable the password authentication option. On the server host, edit the file with the following command:

sudo nano /etc/ssh/sshd_config

Now, find PasswordAuthentication, uncomment it and set it to no:

PasswordAuthentication no

Save and close the file. Reload the SSH server and changes will be applied on your server:

sudo systemctl reload ssh

Now, password login access is disabled on your server-side, and only you’ll be the one who’s able to log on it with your SSH private key.

This post is based on passwordless documentation for Raspberry Pi and disabling ssh password login on linux publications.

You can also take a look to our other posts here.

Enjoy it!

Filed Under: Engineering, how to Tagged With: passwordless, Server, ssh

Footer

Find me at

  • GitHub
  • LinkedIn

Recent Posts

  • Passwordless auth through SSH
  • Raspberry Pi 4 Overclocked!
  • Raspberry 3B+ Overclock
  • Google assistant on Raspberry pi
  • Block ads anywhere with Pi-hole and a VPN

© 2020 · Made with ❤ in Seville