Setup password-less login to ssh on Linux

By | December 30, 2013

SSH login without password

SSH (Secure Shell) is commonly used when administering remote servers. If you work on a server regularly and find it tiring to type the ssh password again and again, you can configure the login so that it does not ask for the password. This does not mean that the login is unauthenticated. Instead, a different authentication scheme is used.

Key based authentication

The solution is to set up and use key based authentication. In key based authentication, the authentication is done with a file that is present on your system, instead of you having to type the password again and again.

Key based authentication relies on public key cryptography. In this scheme there are 2 key files: one is kept on the server and the other on your local machine. These are called the public and private keys respectively. The keys always exist in unique pairs, so you must have the right private key in order to authenticate against the public key present on the server.

OpenSSH, the most common ssh package used on Linux, can be easily configured to use the key based authentication mechanism, and it takes only a few steps.

Generate the keys

On Ubuntu we are going to use the ssh-keygen command to generate the pair of keys.

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/john/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/john/.ssh/id_rsa.
Your public key has been saved in /home/john/.ssh/id_rsa.pub.
The key fingerprint is:
86:0c:a6:8d:c1:35:91:ab:b2:09:b8:b0:55:2f:58:2c john@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|    +o           |
| . ...           |
|  o.o.           |
|  E*=o .         |
|. o*..o S        |
|= + . ..         |
|oB   .           |
|=                |
|                 |
+-----------------+

While generating the keys, ssh-keygen asks where to save the key files and whether to set a passphrase. By default the keys are saved in the ".ssh" directory in your home directory. It can be any other location, but we use the default one to keep it simple.

Once the keys are generated, take a look in the ".ssh" directory. You will find 2 files called

id_rsa
id_rsa.pub

The first file is the private key file. This file must always stay on your computer and is meant to be kept hidden from the outside world. The second file, id_rsa.pub, is the public key file. It is meant to be distributed to anyone who wants to authenticate your identity in some form (which in this case is the web server).

Give the public key to the server

Now it's time to give the public key file id_rsa.pub to the web server, so that it can authenticate using the key and not ask for the password again and again. To copy the public key file, we use the ssh-copy-id command, which takes our public key and copies it into the ~/.ssh/authorized_keys file on the remote server.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub remoteuser@remote_web_server
The authenticity of host 'remote_web_server (69.101.52.13)' can't be established.
RSA key fingerprint is 26:50:b5:51:3d:06:a8:10:52:f8:8a:60:23:a7:31:a8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'remote_web_server' (RSA) to the list of known hosts.
remoteuser@remote_web_server's password: 
stdin: is not a tty
Now try logging into the machine, with "ssh 'remoteuser@remote_web_server'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
$

Our public key has now been copied over to the remote server. The output of the above command asks us to log in using ssh to test whether it works.
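The ssh-copy-id output above asks you to check ~/.ssh/authorized_keys for keys you were not expecting. The following Python sketch is an added example, not part of the original post: it parses an authorized_keys file, computes each key's fingerprint, and reports entries that are not in a set you trust. The function names are this example's own, and the sample keys are constructed, structurally valid blobs, not usable keys.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def fingerprints(blob):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def parse_keys(text):
    """Yield (line_no, options, key_type, comment, blob) per valid entry."""
    for line_no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i, tok in enumerate(tokens[:-1]):
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:
                continue
            # A key blob begins with its own length-prefixed type name.
            prefix = struct.pack(">I", len(tok)) + tok.encode()
            if tok in KEY_TYPES and blob.startswith(prefix):
                yield (line_no, " ".join(tokens[:i]), tok,
                       " ".join(tokens[i + 2:]), blob)
                break

def unexpected_keys(text, expected):
    """Return entries with no fingerprint in the trusted set `expected`."""
    return [e for e in parse_keys(text) if not set(fingerprints(e[4])) & set(expected)]

def make_blob(*fields):
    """Constructed SSH wire-format blob (length-prefixed fields), not a usable key."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

MINE = make_blob(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xa5" * 256)
OTHER = make_blob(b"ssh-ed25519", b"\x5a" * 32)
SAMPLE = """# constructed sample authorized_keys
ssh-rsa %s john@localhost
command="/usr/bin/true",no-pty ssh-ed25519 %s unknown@elsewhere
""" % tuple(base64.b64encode(b).decode() for b in (MINE, OTHER))

if __name__ == "__main__":
    for e in unexpected_keys(SAMPLE, {fingerprints(MINE)[1]}):
        print("line %d: unexpected %s key (%s) %s"
              % (e[0], e[2], e[3], fingerprints(e[4])[1]))
```

The colon-separated fingerprint printed by ssh-keygen in this post is the MD5 form, while recent OpenSSH releases print the SHA256 form by default, so the example computes both and accepts either in the trusted set.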

Login to the server

Now log in to the remote machine without a password:

$ ssh remoteuser@remote_web_server
Last login: Wed Jan  2 11:26:14 2013 from 117.194.228.166
remoteuser@remote_web_server [~]#

Great, we logged in without the password.

About Silver Moon

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected].
