Setup SSH Keys to Login Linux Without Password

In this article, we will learn how to setup password-less login on Linux using ssh keys to connect to remote Linux servers without entering a password.


Using Password-less login with SSH keys will increase the trust between two Linux servers.


Here are 3 steps to log in to Linux without the password.

  1. Generating SSH Keys on Client

  2. Copy public key to the server

  3. Disable password login on the server


Generating SSH Keys on Client

We can use ssh-keygen command to generate SSH keys in Linux.

  1. Generate a key pair with the following command. The default SSH key type is RSA. Check this post to know which SSH Key type is more secure in Linux.

  2. Press Enter to confirm the default location (that is, ~/.ssh/id_rsa) for the newly created key.

  3. Enter a passphrase, and confirm it by entering it again when prompted to do so.

  4. Check the SSH public key file and private key file with ls command under ~/.ssh/ directory

  5. Change the permissions of the ~/.ssh/ directory and key files:

Here are the commands we use for generating SSH keys.

# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa):
The key fingerprint is:
SHA256:6ezTTbbipomsipqJrsmqHFkGeM0VMPDv24PhimnbD+Y john@TOCAO-M-F13P
The key's randomart image is:
+---[RSA 4096]----+
|  ..o.o.         |
|.  + o           |
|... +            |
| ..  .   .       |
|   o  . S        |
|  +  ..o    o    |
| o  o..oo. + .   |
|+=o* oo=o.+ o    |
|^==oE+= =*..     |
+----[SHA256]-----+
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa.pub
$ chmod 600 ~/.ssh/id_rsa



Copy public key to the user account on the server

  1. Append the content of ~/.ssh/id_rsa.pub into the ~/.ssh/authorized_keys file on the server-side.

  2. Change the permissions of the ~/.ssh/authorized_keys file and ~/.ssh using the following command on the server-side.

We can use these three commands to copy the public key to the remote server.

cat ~/.ssh/id_rsa.pub | ssh user@ssh-server.example.com "cat >> ~/.ssh/authorized_keys"
$ chmod 600 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh

Disable Password login on the server

  1. Ensure this option "PasswordAuthentication no" in /etc/ssh/sshd_config in server

  2. Add this configuration "PubkeyAuthentication yes " in /etc/ssh/sshd_config

  3. To enable the change, restart the SSH daemon with this command "systemctl restart sshd "

Now we can log in to the remote server without a password.





29 views

Join our newsletter. Get a free Linux account on Cloud.

Never miss a post!

Want a free Linux account?  This account can be used to login to our cloud server and practice Linux commands.

 
kamateravps.gif
topbackgroud.png

✔ Linux Commands   ✔ Linux Skills    ✔ LinuxPerformance   ✔ Linux Interview

Some articles are from the public internet. If you find your article misused or undesired here and you don't want us to display it, please let us know and we'll remove it immediately.