
How to Setup Passwordless SSH on Linux

SSH stands for Secure Shell. It is an open source network protocol that can be used to log in to servers and execute commands remotely, which is great for VPS users! SCP (Secure Copy Protocol), which is based on SSH, can be used to copy files from one computer to another. In this tutorial, you’ll learn how to set up passwordless SSH on Linux.

There are two ways of authenticating over SSH:

  • Password-based authentication
  • Public key based authentication

Public key based authentication is often called passwordless SSH.

Why use Passwordless SSH?

Users sometimes find passwords hard to remember and inconvenient to use. You may also be in an environment where you need to enter your password frequently.

There are a few advantages of Passwordless SSH:

  • Easy and non-interactive login. Users don’t have to type the password for every new session
  • More secure compared to passwords as it works on public-private key cryptography
  • More reliable
  • Better authentication and authorization management
  • A good solution for both small and large infrastructure
  • Easy to build and maintain

To start using passwordless SSH, you need to generate a public/private key pair. In this tutorial, we will be focusing on SSH version 2, which is the latest and more secure version of the protocol.

Log into your VPS server using SSH, and we’ll be ready to start!

First, you can check if the SSH key for the client machine already exists. This will prevent overwriting the current configuration. You can use the below command to find out:

ls -al ~/.ssh/id_*.pub

If you find an existing key, then you can either skip the SSH key generation steps, overwrite the current setup, or create a backup of the existing key. If the key doesn’t exist, you’ll see the following output:

ls: cannot access /users/appsadm/.ssh/id_*.pub: No such file or directory

Next, we can proceed to generate the SSH key.

Passwordless SSH in Ubuntu and CentOS:

To generate a public and private key on Ubuntu or CentOS, use the command:

ssh-keygen -t rsa

The option -t stands for type, while RSA is the algorithm used for key generation. RSA is the default type – hence you can also use the simpler version of the command – ssh-keygen.

The default key length is 2048 bits. However, if you want stronger security, you can change the value to 4096 bits. In that case, the command will be:

ssh-keygen -t rsa -b 4096

This is an interactive key generation process and you will be asked a few questions like:

  • Enter file in which to save the key (/home/.ssh/id_rsa)
  • Enter passphrase (empty for no passphrase)

You can press Enter for both of these questions to accept the default values. A passphrase is used to encrypt the private key; however, this is not mandatory and can be left blank. Keep in mind that without a passphrase, anyone who obtains the private key file can use it to log in. The private key will be saved in the default location – .ssh/id_rsa.

The public key will be saved in the .ssh/id_rsa.pub file. This completes the key generation. You can verify the files by using any editor.

Copying the Public Key to Enable Passwordless SSH

Copying the public key to a destination machine can be done in three ways:

  • Use the ssh-copy-id command
  • Copy using SSH
  • Copy Manually

The first option is the preferred and fastest one. The ssh-copy-id command is included by default in most Linux flavors. However, if you face issues using ssh-copy-id or do not have access to this command, you can try the subsequent options.

Method 1: Using the ssh-copy-id Command

The basic syntax to use this command is as highlighted below:

ssh-copy-id remote_username@remote_IP_Address

Here you will get a prompt for the remote machine’s password. Once the authentication is successful, the generated SSH public key will be added to the remote machine’s authorized_keys file. After adding the entry, the connection will be closed automatically.

Method 2: Copy the Public Key Using SSH

The next method uses SSH to copy the public key. This can be used when you have password-based SSH access to the server. The command below will take care of the process. You only need to enter the remote user’s username and the machine’s IP address.

cat ~/.ssh/id_rsa.pub | ssh remote_username@remote_ip_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

This will add the entry into the remote machine’s authorized_keys file.

Method 3: Manually Copying the Public Key

The third method is slightly more difficult as it’s completely manual. However, in certain cases where the other methods don’t work, you can use this one! You’ll need to manually add the contents of the id_rsa.pub file to the remote server’s ~/.ssh/authorized_keys file.

On the source machine, you can display the contents of the id_rsa.pub file by using the vi editor or the cat command:

cat ~/.ssh/id_rsa.pub

This would display an output containing the key starting with ssh-rsa. Copy it! Next, log in to the remote server and create the .ssh directory if it does not exist.

mkdir -p ~/.ssh

You can similarly create the authorized_keys file. Add the copied SSH public key to the empty file as shown below:

echo SSH_public_key >> ~/.ssh/authorized_keys

SSH_public_key would be the public key that you copied from the source machine. It will start with ssh-rsa.

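Once the key is copied, set the required permissions on the remote server’s .ssh directory and authorized_keys file by using the chmod command. Both should be accessible only by their owner, otherwise the SSH server may ignore the key.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys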
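The remote-side steps of Methods 2 and 3 (create .ssh, append the key, set permissions) can be combined into one repeatable function. This is an added example, not part of the original tutorial: install_pubkey is a hypothetical helper name, the sample key is constructed, and the demo writes to a temporary directory rather than a real home directory.

```shell
#!/bin/sh
# Added example: what Methods 2 and 3 do on the remote side, made repeatable.
# install_pubkey is a hypothetical helper; SAMPLE_KEY is constructed, not real.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedSAMPLEkey0123456789 user@client'

# install_pubkey HOME_DIR "PUBLIC_KEY_LINE"
# Returns 0 = key added, 1 = key already present, 2 = input rejected.
install_pubkey() {
    home_dir=$1
    key_line=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Reject multi-line input and anything that is not "<type> <base64> [comment]".
    # This also stops a private key (-----BEGIN ...) from being pasted by mistake.
    case $key_line in *"$nl"*) return 2 ;; esac
    printf '%s\n' "$key_line" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || return 2

    # Owner-only permissions: with StrictModes (the sshd default) keys are
    # ignored when these paths are writable by group or others.
    mkdir -p "$ssh_dir" || return 2
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"

    # Compare on the base64 key material so a different comment is not a new key.
    blob=$(printf '%s\n' "$key_line" | awk '{ print $2 }')
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                         END { exit !found }' "$auth_file"; then
        return 1
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo against a throwaway directory instead of a real home directory.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" "$SAMPLE_KEY" && echo "first call: key added"
install_pubkey "$demo_home" "$SAMPLE_KEY" || echo "second call: rc=$? (already present)"
ls -l "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

On a real server, the first argument would be the remote user's home directory and the second the single line printed by cat ~/.ssh/id_rsa.pub.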

Testing Passwordless SSH

With this, we should have successfully activated passwordless SSH, and performed the basic configuration. To test the feature, you can try accessing the remote server via the source server. The command syntax would look like this:

ssh remote_username@remote_IP_Address

If everything worked successfully, then you will be able to login automatically without having to enter the password.

How to Disable Passwordless SSH

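If you decide that passwordless SSH isn’t for you, you can change the authentication settings by following the steps below. To make this change, open the SSH server configuration file – /etc/ssh/sshd_config (not the client file /etc/ssh/ssh_config). Again, any editor will work, we use nano. Here you will find an entry with PasswordAuthentication. Note that setting the lines as shown below turns off password logins and leaves key-based login as the only way in, so confirm that key login works before restarting SSH; key-based login itself is controlled by the PubkeyAuthentication entry in the same file. Modify the lines as shown: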

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Once this is changed, save the file and restart SSH. Here’s how to do it on Ubuntu 18.04:

sudo systemctl restart ssh

And the command for CentOS 7:

sudo systemctl restart sshd
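Before restarting the service, it helps to check which login methods the edited file will actually allow. The script below is an added example, not part of the original tutorial: effective_value and audit_auth are hypothetical helper names, the sample configuration is constructed, and the defaults of yes for both keywords are OpenSSH's documented defaults. It does not follow Include files, stops at the first Match block, and does not evaluate keyboard-interactive or PAM settings.

```shell
#!/bin/sh
# Added example: which login methods does an sshd_config-style file allow?
# effective_value and audit_auth are hypothetical helpers. Simplifications:
# Include files are not followed, parsing stops at the first Match block,
# and keyboard-interactive/PAM settings are not evaluated.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword; keywords are
# case-insensitive, so a later duplicate line has no effect.
effective_value() {
    awk -v kw="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0      { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_auth FILE -> key-only | password-only | both | neither
audit_auth() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    case "$pw/$pk" in
        no/yes) echo key-only ;;
        yes/no) echo password-only ;;
        no/no)  echo neither ;;
        *)      echo both ;;
    esac
}

# Constructed sample: the tutorial's three lines appended below an existing,
# uncommented PasswordAuthentication entry. The earlier line wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
EOF
echo "appended below an existing entry: $(audit_auth "$sample")"
rm -f "$sample"
```

On a real server, sshd -T prints the full effective configuration, including defaults and included files.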

Wrap Up

This completes our tutorial about Passwordless SSH. We covered passwordless SSH setup, configuration and how to disable it. We hope you found this how-to helpful! Remember, stay safe out there!

About the author

Edward S.

Edward is Hostinger's copywriter. He's an expert communicator with years of experience in IT as a writer, marketer, and Linux enthusiast. IT is a core pillar of his life, personal and professional. Edward's goal is to encourage millions to achieve an impactful online presence. He also really loves dogs, guitars, and everything related to space.
