- Published on
How To Setup SSH Key Based Passwordless Authentication in Linux
- Authors
- Name
- Karan Jadhav
- @IamKaranJadhav
Table of Contents
What is SSH Key Based Passwordless Authentication?
Simply put, SSH Key Based Passwordless Authentication is a way to access your machine without entering password. This is a great way to access your machine from anywhere without entering password.
Why should I use SSH Key Based Passwordless Authentication?
Because it's way secure and easy to use. You don't need to enter password to access your machine. And only person with the ssh private key file can access your machine.
How to setup SSH Key Based Passwordless Authentication in Linux
You will need to make your you have openssh installed on your machine. If you don't have it installed, you can install it with the following command:
sudo apt install openssh-server
Generate SSH Key
To generate ssh key, you can use the following command:
ssh-keygen -t rsa -b 4096 -C "key_name"
here key_name is the name of the key. You can use any name you want. For example, I will use my_key as the name of the key.
-t is the type of the key. You can use rsa or ed25519. I will use rsa as the type of the key.
-b is the size of the key. You can use any size you want. I will use 4096 as the size of the key.
-C is the comment of the key. You can use any comment you want. I will use my_key as the comment of the key.
After running the above command, you will be asked to enter the location of the key. You can press enter to use the default location. You will also be asked to enter a passphrase. You can enter a passphrase or leave it blank. If you enter a passphrase, you will be asked to enter the passphrase again.
After running the above command, you will see the following output:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx username@hostname
The key's randomart image is:
+---[RSA 4096]----+
| |
| |
| |
| |
| |
| |
| |
| |
| |
+----[SHA256]-----+
Copy SSH Key to Remote Server
To copy the ssh key to remote server, you can use the following command:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@hostname
here username is the username of the remote server. You can use any username you want. For example, I will use root as the username of the remote server.
hostname is the hostname of the remote server. You can use any hostname you want. For example, I will use example.com as the hostname of the remote server.
After running the above command, you will be asked to enter the password of the remote server. After entering the password, you will see the following output:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_rsa.pub"
The authenticity of host 'example.com (xxx.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '
username@hostname'"
and check to make sure that only the key(s) you wanted were added.
Test SSH Key Based Passwordless Authentication
To test the ssh key based passwordless authentication, you can use the following command:
ssh username@hostname
if you haven't entered a passphrase, you will be logged in to the remote server without entering password. If you have entered a passphrase, you will be asked to enter the passphrase.
Troubleshooting
If you are getting the following error:
ssh: connect to host example.com port 22: Connection refused
You can try the following command:
sudo systemctl restart ssh
Final Words
In this tutorial you have learned how to setup ssh key based passwordless authentication in linux. You can use the same method to setup ssh key based passwordless authentication in any linux machine. If you have any questions, you can ask them in the comments section below.