2 Simple Steps to Set up Passwordless SSH Login on Ubuntu – Introduction
Passwordless SSH – The two primary techniques for user login authentication with the OpenSSH server are password authentication and public key authentication. The latter is commonly referred to as passwordless SSH login because you don’t have to enter your password.
Setting Up Passwordless SSH Login in 2 Easy Steps
Step 1: On your Ubuntu desktop, create a public/private key pair
On your Ubuntu desktop (not your server), launch a terminal session, and type the following command.
ssh-keygen -t rsa -b 4096
Where
-t stands for type. The command above creates a key pair of the RSA type. The default type is RSA.
-b stands for bits. The key’s length by default is 3072 bits. For greater security, we use a 4096-bit key.
When asked which file to save the key to, simply press Enter to use the default file. Then enter a passphrase at least 20 characters long; it is used to encrypt the private key.
The .ssh/id_rsa file in your home directory will hold the private key (your identification).
The .ssh/id_rsa.pub file is where the public key will be saved.
The randomart image shows the key length (RSA 4096). Now run the following command.
file ~/.ssh/id_rsa
The output should be as follows:
/home/username/.ssh/id_rsa: OpenSSH private key
The “No such file or directory” error indicates that the SSH key pair hasn’t been created. Run ssh-keygen -t rsa -b 4096 again to create it.
Step 2: Upload Your Public Key to the Remote Linux Server
Note: You may use the next approach with any Linux distribution running on the remote server, including Debian, Ubuntu, RHEL, CentOS, and others, as long as it supports the OpenSSH server.
This is made simple by the ssh-copy-id program, which is part of the openssh-client package.
ssh-copy-id remote-user@server-ip
Enter the remote user’s password.
The public key will be saved in the .ssh/authorized_keys file in the remote user’s home directory. Now connect to the remote server via SSH.
ssh remote-user@server-ip
This time, you need to enter your RSA key passphrase to unlock the private key. You can choose to have the key unlocked automatically when you log in, so that you don’t have to enter the passphrase again.
After entering the key passphrase, you are connected to the remote Linux system. Log out of it:
exit
SSH into the remote server again.
ssh remote-user@server-ip
This time, you are logged in to the remote server immediately, without entering a password or key passphrase. The scp command also no longer asks for a password or passphrase when transferring files. The openssh-client package that comes pre-installed on the Ubuntu desktop also includes the scp command.
You may manually add the key passphrase using the following command if your Ubuntu desktop doesn’t prompt you to remember it.
secret-tool store --label="Unlock password for: id_rsa" unique "ssh-store:/home/username/.ssh/id_rsa"
Disabling Password Authentication
Although you now log in to your server with an SSH key, the server still accepts a regular password from any other computer. To keep attackers from brute-forcing their way into your server, it’s best to disable password authentication on the OpenSSH server.
Edit the /etc/ssh/sshd_config file on the remote server to disable password authentication.
sudo nano /etc/ssh/sshd_config
Look for this line:
#PasswordAuthentication yes
Replace it with:
PasswordAuthentication no
Then find the ChallengeResponseAuthentication line. Make sure it is set to no, as shown below. If it is set to yes, you can still log in with your password.
ChallengeResponseAuthentication no
Restart the SSH service after saving the file.
For Debian/Ubuntu
sudo systemctl restart ssh
For RHEL/CentOS
sudo systemctl restart sshd
If the required private key is absent from the ~/.ssh directory, the following error will now appear when you try to connect to the remote server via SSH.
Permission denied (publickey).
Or
Read: Connection reset by peer
That indicates that the remote server does not allow password authentication and only accepts SSH login with SSH keys. You can still log in with a password if PasswordAuthentication is set to no but ChallengeResponseAuthentication is set to yes. Both must be set to no to eliminate password login.
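An added example, not part of the original article: a shell check of the rule above that both options must be no. It reads a config file the way sshd treats global options (the first value seen wins, keywords are case-insensitive); the function names and the sample file are made up here, and it does not follow Include files or Match blocks.

```shell
#!/bin/sh
# Added example (not from the article): decide from an sshd_config file
# whether password-style logins are still possible.

# first_value FILE 'kw1|kw2' DEFAULT
# Prints the first uncommented global value for any of the lowercase keywords.
first_value() {
    awk -F'[ \t=]+' -v keys="$2" -v def="$3" '
        { sub(/^[ \t]+/, "") }                  # drop indentation, re-split fields
        /^#/ || NF == 0 { next }                # comments and blank lines
        tolower($1) == "match" { exit }         # only the global section is read
        tolower($1) ~ ("^(" keys ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# password_login_status FILE
# Prints "pw=<value> kbd=<value>"; returns 0 only when both are "no".
password_login_status() {
    # Assumption: the upstream default is "yes" when a keyword is absent.
    pw=$(first_value "$1" 'passwordauthentication' yes)
    # Newer OpenSSH releases call the second option KbdInteractiveAuthentication
    # and keep ChallengeResponseAuthentication as a deprecated alias.
    kbd=$(first_value "$1" 'challengeresponseauthentication|kbdinteractiveauthentication' yes)
    echo "pw=$pw kbd=$kbd"
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample: the state the article warns about (one option still "yes").
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
EOF
password_login_status "$demo" || echo "password login is still possible"
rm -f "$demo"
```

On the server itself, `sudo sshd -T` prints the effective configuration after Include files are applied, so its passwordauthentication and kbdinteractiveauthentication lines are the authoritative check.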
Backing Up Your Public/Private Key Pair
It’s crucial to back up your SSH keys after disabling SSH password authentication. You will be locked out of your server if you misplace the keys. Your public/private key pair should be archived somewhere secure, such as a USB stick.
cp ~/.ssh/id_rsa* /path/to/safe/location/
Additionally, you may transfer the key pair, including the private and public keys, to a new Linux PC and use the SSH keys to connect to your server. After copying the key pair to the new machine, move it to the new user’s .ssh/ directory.
mv id_rsa* ~/.ssh/
The user on the replacement machine must be designated as the key pair’s new owner.
sudo chown new-user:new-user ~/.ssh/id_rsa*
On the new PC, you may now log into a remote server using SSH keys.
On my local Ubuntu PC, I occasionally want to set up two user accounts for certain tasks. When I log into a different user account, I still want to use the SSH key. Simply copy the SSH key pair’s public and private keys to the new user’s ~/.ssh/ folder. To unlock the private key, you must enter your RSA key passphrase. When signing in, you have the option of automatically unlocking the key so that you won’t need to type the passphrase again.
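An added example, not part of the original article: after restoring or moving id_rsa* as described above, the files can end up with loose permissions (for instance when copied back from a USB stick), and ssh refuses to use a private key that group or others can read. The function names and the temporary demo directory below are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the article): verify and tighten permissions on a
# restored .ssh directory and its private key.

# perm_bits PATH -> prints the nine permission characters, e.g. "rw-------"
perm_bits() { ls -ld "$1" | cut -c2-10; }

# set_mode PATH WANTED_BITS OCTAL -> chmod only when needed, and report it
set_mode() {
    have=$(perm_bits "$1")
    [ "$have" = "$2" ] && return 0
    chmod "$3" "$1" && echo "fixed $1: $have -> $2"
}

# secure_ssh_dir DIR
# Sets DIR to 700 and every id_rsa* private key to 600. Public keys (*.pub)
# are left alone: they are not secret.
secure_ssh_dir() {
    set_mode "$1" rwx------ 700
    for f in "$1"/id_rsa*; do
        [ -f "$f" ] || continue
        case $f in
            *.pub) : ;;
            *)     set_mode "$f" rw------- 600 ;;
        esac
    done
    return 0
}

# Constructed demo: a fake .ssh directory with permissions that are too open.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo/.ssh"
: > "$demo/.ssh/id_rsa"; : > "$demo/.ssh/id_rsa.pub"
chmod 644 "$demo/.ssh/id_rsa" "$demo/.ssh/id_rsa.pub"
secure_ssh_dir "$demo/.ssh"
rm -rf "$demo"
```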
Storing the Key Passphrase in SSH Agent
Note: Please don’t follow this section if your local computer has a graphical user interface.
You might notice that every time you SSH into another Linux server from a command-line-only Linux environment, you have to enter your key passphrase. This is because the SSH agent does not store your key passphrase.
Install and configure keychain on the SSH client machine.
sudo apt install keychain
Then edit the .profile or .bash_profile file. Add the following lines to it so that these two commands are executed each time the user logs in.
/usr/bin/keychain $HOME/.ssh/id_rsa
source $HOME/.keychain/$HOSTNAME-sh
Log out now, then log back in. You’ll notice something like this:
Last login: Thu Dec 17 20:38:39 2015 from 74.125.128.103
* keychain 2.7.1 ~ http://www.funtoo.org
* Found existing ssh-agent: 17651
* Adding 1 ssh key(s): /home/<username>/.ssh/id_rsa
Enter passphrase for /home/<username>/.ssh/id_rsa:
* ssh-add: Identities added: /home/<username>/.ssh/id_rsa
Keychain checks whether an ssh-agent is already running before starting one. This time, you must enter the key passphrase. The key passphrase is retained when a user logs out and back in, but you must enter it again after the system restarts.
You can now SSH to the server without typing the passphrase, as long as the SSH server has your public key, the SSH client has the private/public key pair, and keychain has been set up correctly.
Changing the Private Key Passphrase
If you need to change your private key passphrase, use the command below:
ssh-keygen -f ~/.ssh/id_rsa -p
Enter your old passphrase first, followed by your new one.
Pro Tip: Use Screen to Keep Your Session Alive
Have you ever been working on a remote server when your computer suddenly lost its internet connection, preventing you from finishing the task at hand? To keep your session alive, use the screen utility. Install screen on an Ubuntu server:
sudo apt install screen
Then start screen:
screen
You’ll see a startup message when the program first launches. Simply press Enter to dismiss it. After that, you can issue commands as normal.
If you have a lengthy process running on the server and don’t need to do anything else right now, you can press Ctrl+A, release the keys, and then press the D key to detach from the current Screen session. A notice similar to this one will appear.
[detached from 32113.pts-1.focal]
This shows that the Screen session ID is 32113. You can now log out of the SSH session and even shut down your local PC. Not to worry, the task on the server keeps running. When you need to check its status, connect to your server using SSH and use the following command to get the previous Screen session ID.
screen -ls
Sample output:
There is a screen on:
32113.pts-1.focal (05/19/2020 03:45:29 PM) (Detached)
1 Socket in /run/screen/S-linuxbabe.
After that, you can reconnect to the earlier Screen session.
screen -r 32113
If you lose your Internet connection unexpectedly while using Screen, run the following command on the server once the connection is back.
screen -d -r 32113
Because the last Screen session wasn’t detached, we need the -d option this time. First, we must detach it (-d), then we must reconnect to it (-r).
Edit the Screen config file if you don’t want to display the starting message every time.
sudo nano /etc/screenrc
Find the following line and uncomment it by removing the # symbol.
#startup_message off
Save the file.
Pro Tip #2: Automatically Start Screen Session
Edit the .bashrc file.
nano ~/.bashrc
At the end of this file, insert the following line.
if [ -z "$STY" ]; then screen -RR; fi
Save and close the file. Screen will automatically launch the next time you SSH into the remote server.
Final Thoughts
No matter how complex your password is, it is less secure, and typing it repeatedly or on multiple servers slows you down. Asymmetric keys and passwordless SSH authentication are not only more secure and protect you from phishing attacks, but they are also more convenient.
Accessing your remote servers is made simple and secure by configuring passwordless SSH login on Linux. You can avoid entering your password each time you connect to a remote server by using public-key authentication. Set up passwordless SSH login by following the instructions in this article, then take advantage of the simplicity and security it offers.