Logging In Via SSH Without A Password
Quite often, you want to ssh into a remote server without having to enter a password. I use this mostly for scripts that I want to run non-interactively, like the rdiff-backup script I use for backing up my home computer to a remote server. SSH allows you to do this in a relatively secure way using public key authentication.
The first thing you’ll need is a working ssh server that you want to access, and an ssh client on the computer you want to access it from. ssh is such a common tool in linux, that the client should come pre-installed on your distribution. I’m assuming that you’re looking for answers on this topic because you already have an ssh server you want passwordless access to, so I’m not going to go into detail on setting up an ssh server – although I will cover setting up an existing ssh server for passwordless login.
setting up the server for passwordless login
You will need to make sure that the server will accept passwordless logins. This means you have to enable public key authentication on the server. To do this, open up /etc/ssh/sshd_config in a text editor (I would suggest nano or kate). Then make sure that the following two lines are uncommented, or if not there, add them in. To uncomment the line, remove the ‘#’ from the beginning of the line:
RSAAuthentication yes
PubkeyAuthentication yes
You will need to restart the ssh server. Do this with:
Finally make sure that permissions are right on the server. If there’s no ~/.ssh directory, make one:
Once you’ve got a ~/.ssh directory, change the permissions using:
that should be enough to setup the server side of things.
setting up the client side of the equation
First you’ll need to setup a keypair. If you already have the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub, you should be good to go. If not, then you need to add them. Use the following command:
You will then be asked some questions. Simply hit “Enter” to answer them all:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/skx/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/skx/.ssh/id_rsa.
Your public key has been saved in /home/skx/.ssh/id_rsa.pub.
Answering without putting in a password means that the keys can be unlocked without a password, which is the whole point of “passwordless” login. Now we can do a little magic. Previously when setting up passwordless logins with ssh, I’ve gone through a dance of copying keys from the local computer to the remote computer. However, now I’ve found a new programme that does all this automagically. So, type this into a terminal:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_host
Obviously you will need to replace “username” with the user you want to login as on the remote computer, and “remote_host” with the ip/hostname of the ssh server. This command will ask you for a password – don’t be alarmed; this sets up the passwordless-ness, so needs a password to do it. Once you’ve done this, you should be good to go. Try logging into the remote server, and you should be password free.
about 2 months ago
Thank you very much!!!! This has been so clear and sooooo easy!!!!
about 1 month ago
Awsome article… Helped me a lot … Simple..
Suggestion: When we try to add the key there may be an error ” Host key verification failed.”
Please also give suggestion to delete the corresponding line if the error persists.
about 1 month ago
Suggestion: When we try to add the key there may be an error ” Host key verification failed.”
+1
about 3 weeks ago
Is this method secure enough for a production environment? It would seem that some would want the added security of forcing a password for authentication. Plus it helps one remember their password, if they are using it to login often. I typically change the ssh port for added security.