In this tutorial, you'll learn what passwordless SSH is, how to set up SSH key-based authentication, and how to connect to your Linux server without entering a password.
SSH (Secure Shell) allows secure remote connections between two systems. With this cryptographic protocol, you can manage machines, copy, or move files on a remote server via encrypted channels.
What is Passwordless SSH?
Passwordless SSH is a network security protocol that authenticates the user and creates a secure communication channel.
There are two ways of enabling SSH:
- Password-based authentication
- Public key-based authentication
Public key-based authentication is often called passwordless SSH.
Setup SSH Passwordless Login
To set up a passwordless SSH login in Linux, all you need to do is generate a public authentication key and append it to the remote host's authorized_keys file.
The following steps will describe the process for configuring passwordless SSH login:
Check for existing SSH key pair
Before generating a new SSH key pair first check if you already have an SSH key on your client machine because you don’t want to overwrite your existing keys.
Run the following ls command to see if existing SSH keys are present:
ls -al ~/.ssh/id_*.pub
If there are existing keys, you can either use those and skip the next step, or back up the old keys and generate a new one.
If you see No such file or directory or no matches found, it means that you do not have an SSH key and you can proceed with the next step and generate a new one.
To generate a public and private key use the command
ssh-keygen -t rsa
The option -t stands for type, while RSA is the algorithm used for key generation. RSA is the default type, so you can also use the simpler form of the command: ssh-keygen.
The default key size is 2048 bits. However, if you want stronger security, you can change the value to 4096 bits. In that case, the command will be:
ssh-keygen -t rsa -b 4096
This is an interactive key generation process and you will be asked a few questions like:
- Enter file in which to save the key (/home/your_username/.ssh/id_rsa)
- Enter passphrase (empty for no passphrase)
You can press Enter for both questions to accept the default values. A passphrase is used to encrypt the private key; it is not mandatory and can be left blank, in which case the private key is stored unencrypted on disk. The private key will be saved in the default location, .ssh/id_rsa.
To be sure that the SSH keys are generated you can list your new private and public keys with:
Copy the public key to remote
Now that you have generated an SSH key pair, in order to be able to login to your server without a password you need to copy the public key to the server you want to manage.
The easiest way to copy your public key to your server is to use a command called ssh-copy-id. On your local machine terminal type:
You will be prompted to enter the
Once the user is authenticated, the public key will be appended to the remote user's authorized_keys file and the connection will be closed.
How to Login to your server using SSH keys
After completing the steps above, you should be able to log in to the remote server without being prompted for a password. To test it, try logging in to your server via SSH.
If everything went well, you will be logged in immediately.
How to Disable SSH Password Authentication
Once key-based login works, you can turn off password logins so that the server accepts only SSH keys. To make this change, open the SSH server configuration file, /etc/ssh/sshd_config, on the server. Any editor will work; we use nano. Here you will find an entry with PasswordAuthentication. Modify the lines as shown:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Once this is changed, save the file and restart SSH.
sudo systemctl restart ssh
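Before restarting, it is worth confirming that the edited directives are the ones sshd will actually use, because sshd takes the first occurrence of each keyword and ignores commented lines. The following check is an added example, not part of the original tutorial; the function names and the sample config are constructed for illustration, and Include files and Match blocks are not handled.

```sh
#!/bin/sh
# Added example: report the effective value of an sshd_config keyword.
# sshd uses the FIRST occurrence of a keyword, skips comment lines, and
# treats keyword names case-insensitively.
# Assumption: global section only (parsing stops at the first Match block).
effective_value() {  # usage: effective_value <file> <keyword>
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        { gsub(/=/, " ") }                   # accept the Keyword=value form
        tolower($1) == "match" { exit }      # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Succeeds only when both password-style methods are explicitly set to "no".
# An unset keyword counts as a failure: sshd would fall back to its default.
password_login_disabled() {  # usage: password_login_disabled <file>
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "$kw is '${val:-unset}' (expected 'no')" >&2
            return 1
        fi
    done
    return 0
}

# Constructed sample: the commented line and the late duplicate do not count,
# so the effective PasswordAuthentication value here is still "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
PasswordAuthentication no
EOF
if password_login_disabled "$sample"; then
    echo "password logins are disabled"
else
    echo "password logins are still possible; fix the config before restarting"
fi
rm -f "$sample"
```

On the server itself, sudo sshd -T prints the effective configuration, including any Include files, and is the authoritative check.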
Why use Passwordless SSH?
Users sometimes find passwords hard to remember and inconvenient to use. You may be in an environment where you need to enter your password frequently.
There are a few advantages of Passwordless SSH:
- Easy and non-interactive login. Users don’t have to type the password for every new session
- More secure compared to passwords as it works on public-private key cryptography
- More reliable
- Better authentication and authorization management
- A good solution for both small and large infrastructure
- Easy to build and maintain
Hope this article is useful to you. You learned what passwordless SSH is and how to set up SSH key-based authentication, allowing you to log in to your remote server without providing a user password. You can add the same key to multiple remote servers.
You also learned about how to disable SSH password authentication and add an extra layer of security to your server.
If you have any questions or feedback, feel free to leave a comment.