What is Passwordless SSH and How to setup it?

by anupmaurya
0 comment 91 views

In this tutorial, You’ll learn about what is Passwordless SSH and how to set up an SSH key-based authentication as well as how to connect to your Linux server without entering a password.

SSH (Secure Shell) allows secure remote connections between two systems. With this cryptographic protocol, you can manage machines, copy, or move files on a remote server via encrypted channels.

What is Passwordless SSH ?

Passwordless SSH is a network security protocol that authenticates the user and creates a secure communication channel.

There are two ways of enabling SSH:

  • Password-based authentication
  • Public key-based authentication

Public key-based authentication is often called passwordless SSH.

Setup SSH Passwordless Login 

To set up a passwordless SSH login in Linux all you need to do is to generate a public authentication key and append it to the remote hosts ~/.ssh/authorized_keys file.

The following steps will describe the process for configuring passwordless SSH login:

Check for existing SSH key pair

Before generating a new SSH key pair first check if you already have an SSH key on your client machine because you don’t want to overwrite your existing keys.

Run the following ls command to see if existing SSH keys are present:

ls -al ~/.ssh/id_*.pub
What is Passwordless SSH and How to setup it?

If there are existing keys, you can either use those and skip the next step or backup up the old keys and generate a new one.

If you see No such file or directory or no matches found like in the above image, it means that you do not have an SSH key and you can proceed with the next step and generate a new one.

To generate a public and private key use the command

ssh-keygen -t rsa

The option -t stands for type, while RSA is the protocol used for key generation. RSA is the default type – hence you can also use the simpler version of the command – ssh-keygen.

The default key is of 2048 bits. However, if you want stronger security, you can change the value to 4096 bits. In that case, the command will be:

What is Passwordless SSH and How to setup it?
ssh-keygen -t rsa -b 4096

This is an interactive key generation process and you will be asked a few questions like:

  • Enter file in which to save the key (/home/.ssh.id_rsa)
  • Enter passphrase (empty for no paraphrase)
What is Passwordless SSH and How to setup it?

You can press enter for both these questions and this will take the default values. A paraphrase is used to encrypt the private key; however, this is not mandatory and can be left blank. The private key will be saved in the default location – .ssh/id_rsa.

To be sure that the SSH keys are generated you can list your new private and public keys with:

ls ~/.ssh/id_*.pub
Code language: JavaScript (javascript)
What is Passwordless SSH and How to setup it?

Copy the public key to remote

Now that you have generated an SSH key pair, in order to be able to login to your server without a password you need to copy the public key to the server you want to manage.

The easiest way to copy your public key to your server is to use a command called ssh-copy-id. On your local machine terminal type:

ssh-copy-id remote_username@server_ip_address
Code language: CSS (css)

You will be prompted to enter the remote_username password:

remote_username@server_ip_address's password:
Code language: CSS (css)

Once the user is authenticated, the public key will be appended to the remote user authorized_keys file and connection will be closed.

How to Login to your server using SSH keys

After completing the steps above you should be able to log in to the remote server without being prompted for a password. To test it just try to login into your server via SSH

ssh remote_username@server_ip_address

If everything went well, you will be logged in immediately.

How to Disable Passwordless SSH

If you decide that passwordless SSH isn’t for you, you can disable it by following the steps below. To make this change open the SSH configuration file – /etc/ssh/ssh_config. Again, any editor will work, we use nano. Here you will find an entry with PasswordAuthentication. Modify the lines as shown:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Once this is changed, save the file and restart SSH.

sudo systemctl restart ssh

Why use Passwordless SSH?

Users sometimes find password-protected options hard to remember and uncomfortable. You may be in an environment where you need to enter your password frequently.

There are a few advantages of Passwordless SSH:

  • Easy and non-interactive login. Users don’t have to type the password for every new session
  • More secure compared to passwords as it works on public-private key cryptography
  • More reliable
  • Better authentication and authorization management
  • A good solution for both small and large infrastructure
  • Easy to build and maintain

Conclusion

Hope this article is useful to you. You learned about, what is passwordless SSH and how to set up an SSH key-based authentication, allowing you to log in to your remote server without providing a user password. You can add the same key to multiple remote serves.

You also learned about how to disable SSH password authentication and add an extra layer of security to your server.

If you have any questions or feedback, feel free to leave a comment.

You may also like