Passwordless SSH

Create a user and group for passwordless SSH:

groupadd pwdssh
useradd pwdssh -g pwdssh

Ensure you are now logged in as user pwdssh:

su pwdssh

Generate a new SSH key pair.

The following command generates a new 4096-bit RSA SSH key pair with your email address as a comment. Press Enter to accept the defaults, or edit any value you need to change:

ssh-keygen -t rsa -b 4096 -C ""
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):
Choose an empty passphrase for automation.

To be sure that the SSH keys are generated you can list your new private and public keys with:

ls /home/yourusername/.ssh/id_*
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/

Copy the public key

Now that you have generated an SSH key pair, you need to copy the public key to the server you want to manage in order to log in without a password. In your local machine's terminal, type:

ssh-copy-id remoteusername@server_ip_address
You will be prompted to enter the remoteusername password:
remoteusername@server_ip_address's password:

Or you can manually copy the file /home/yourusername/.ssh/ and write it into /home/remoteusername/.ssh/authorized_keys

If your SSH server is not using the standard port, use the command below:

ssh-copy-id -p PORT remoteusername@server_ip_address

Login to your server using SSH keys

After completing the steps above you should be able to log in to the remote server without being prompted for a password. To test it, just try to log in to your server via SSH:

ssh remoteusername@server_ip_address

If everything went well, you will be logged in immediately.

Additional Notes:
vi /etc/ssh/sshd_config

Ensure the options below are enabled:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
UsePAM yes
AllowUsers pwdssh

Ensure the permissions are as follows:

ls -l /home/yourusername/.ssh/
total 20
-rw-r--r--. 1 pwdssh pwdssh 399 May 5 14:53 authorized_keys
-rw-r--r--. 1 pwdssh pwdssh 761 Jan 12 15:59 config
-rw-------. 1 pwdssh pwdssh 1671 Jan 12 15:44 id_rsa
-rw-r--r--. 1 pwdssh pwdssh 399 Jan 12 15:44
-rw-r--r--. 1 pwdssh pwdssh 410 Jan 12 15:46 known_hosts

Also, ensure the permissions for /home/yourusername/.ssh directory are:
drwx------. 2 pwdssh pwdssh 4096 May 5 14:56 .ssh
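
The permissions above can be checked with a script instead of by eye. The following is an added example, not part of the original page: the function name check_ssh_perms and the messages it prints are made up for illustration. It flags a .ssh directory that is not 700, a private key readable by group or others, and public files writable by group or others.

```sh
#!/bin/sh
# Added example (not from the original page): audit an .ssh directory against
# the permissions shown in the listing above.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_perms DIR  (hypothetical helper name)
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_ssh_perms() {
    dir=$1
    bad=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir"
        return 1
    fi
    m=$(mode_of "$dir")
    # The directory itself must be drwx------ (700).
    if [ "$m" != "700" ]; then
        echo "DIR: $dir is $m, expected 700"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        case ${f##*/} in
            id_*.pub|authorized_keys|known_hosts|config)
                # Must not be writable by group or others (644 or 600 pass).
                if [ $(( 0$m & 022 )) -ne 0 ]; then
                    echo "WRITABLE: $f is $m"
                    bad=1
                fi ;;
            id_*)
                # Private key: no access at all for group or others (600).
                if [ $(( 0$m & 077 )) -ne 0 ]; then
                    echo "PRIVATE KEY EXPOSED: $f is $m"
                    bad=1
                fi ;;
        esac
    done
    return "$bad"
}

# Usage: sh check_ssh_perms.sh /home/yourusername/.ssh
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it on both the client and the server account; a non-zero exit status means at least one entry needs a chmod.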
