How to enable SSH key Authentication: SSH login without a password!

by Luca on 03/09/2009

If you want to jump between servers without typing a password each time, but you still need security, here is what you have to do.
There are two ways of achieving this:

On Debian/Ubuntu you can just type:

$ cd $HOME
~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key:

Press Enter at each question and you will have a pair of keys ready to use.
You will be asked for a passphrase, but if you do not want to set one just leave it blank.
This procedure will create one private and one public key:
$ ls .ssh/
id_rsa id_rsa.pub known_hosts

The private key must be kept secure on your box (with a blank passphrase, anyone who can read the file can use it), whereas the public key can be copied across:
~$ ssh-copy-id -i .ssh/id_rsa.pub 192.168.1.30
At this point you will be asked for the password, but once the key has been copied you will be able to ssh in without it.

As additional security you could lock the account to prevent anyone without the key from logging in to the box over ssh. To do that:

me@mybox:~$ ssh 192.168.1.30
me@server:~$ su -
password:
root@server:~# usermod -L me

usermod -L will lock the account “me”, preventing anyone from using password credentials for that account. You will only be able to get in with your trusted ssh key. If you no longer want the account locked, just type:
root@server:~# usermod -U me
The -U flag will unlock the account.

ON SOME OTHER DISTROS:
the “ssh-copy-id” utility doesn’t exist, so you will have to copy the public key manually.
If you can copy and paste, then:
~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv4k0ChLXCfpF+o/4HcqAqYEivRSHHYsTlXfT4I0jmOAI+MKjVTB/CtKqq4h7KMyXrUUo7vtceac4i2FRSm6PdsWksJXsYxkOj+ZXXD2fOnJIDKfIr41URcZH4qmztYO+/9YYcQudPzNlt9tLx5jrkhI7sLy56OmKRwfrxq+UY7ebt+j7y5DmevJP0u7bzREPUA/rcVoPxH0/u015O2BcaJmNoxR1pNfMC3Oefn1eAkodo6fOa3vHHo7WhSpDL/42xsBWPnOAAEDM9tmOUyCJDc8l4Mzm+TindqY2yL2GPspabaEAV3rfuF9O4Ywe+tVIPc2/YXo9XvQxyXZqHxtcw==== me@mybox

and paste the line into the remote server’s .ssh/authorized_keys file. REMEMBER that it’s just one line, so if you pick up any newline characters during the copy and paste, that key won’t work.

If you can’t copy and paste and want to be confident the key has been copied correctly, just scp id_rsa.pub to the server:

me@mybox:~$ scp .ssh/id_rsa.pub 192.168.1.30:/home/me/
me@mybox:~$ ssh 192.168.1.30
me@server:~$ cat id_rsa.pub >> .ssh/authorized_keys
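
The manual copy above with the one-line caveat enforced, as an added example that is not part of the original post: check_pubkey accepts a key file only if it holds a single line whose base64 blob parses as complete length-prefixed fields starting with the stated key type, and install_pubkey then appends it to authorized_keys with tight permissions. The function names and the sample key are constructed for illustration; base64, od and awk are assumed to be present on the server.

```shell
# Added example, not from the original post. Assumes PUBFILE is a plain
# "type base64 [comment]" file as written by ssh-keygen.

check_pubkey() {   # check_pubkey PUBFILE -> 0 if it holds one intact key line
    # A paste that picked up line breaks shows up as several non-empty lines.
    [ "$(grep -c . "$1" 2>/dev/null)" = 1 ] || return 1
    type=$(awk 'NF { print $1 }' "$1")
    blob=$(awk 'NF { print $2 }' "$1")
    [ -n "$blob" ] || return 1
    # The blob is a run of fields, each a 4-byte big-endian length plus data;
    # the first field repeats the key type. Walk them to the end of the blob.
    printf '%s' "$blob" | base64 -d 2>/dev/null | od -A n -v -t u1 |
    awk -v want="$type" '
        { for (i = 1; i <= NF; i++) b[++n] = $i + 0 }
        END {
            pos = 1
            while (pos + 3 <= n) {
                len = ((b[pos] * 256 + b[pos+1]) * 256 + b[pos+2]) * 256 + b[pos+3]
                pos += 4
                if (pos + len - 1 > n) exit 1        # field cut short
                if (++fields == 1) {
                    for (j = 0; j < len; j++) name = name sprintf("%c", b[pos+j])
                    if (name != want) exit 1         # type and blob disagree
                }
                pos += len
            }
            exit !(fields >= 2 && pos == n + 1)      # nothing missing or left over
        }'
}

install_pubkey() {   # install_pubkey PUBFILE AUTHFILE
    check_pubkey "$1" || { echo "refusing to install $1" >&2; return 1; }
    dir=$(dirname "$2")
    # sshd with StrictModes (the default) refuses keys in loosely permissioned files.
    mkdir -p "$dir" && chmod 700 "$dir" && touch "$2" && chmod 600 "$2" || return 1
    line=$(awk 'NF' "$1")
    grep -qxF -- "$line" "$2" || printf '%s\n' "$line" >> "$2"   # no duplicates
}

sample_pubkey() {   # constructed data: an all-"0" ed25519-shaped key, not a real one
    printf 'ssh-ed25519 %s me@mybox\n' \
        "$(printf '\000\000\000\013ssh-ed25519\000\000\000\040%032d' 0 | base64)"
}

tmp=$(mktemp -d) && sample_pubkey > "$tmp/key.pub" &&
    install_pubkey "$tmp/key.pub" "$tmp/.ssh/authorized_keys" &&
    ls -l "$tmp/.ssh/authorized_keys"
rm -rf "$tmp"
```

Where OpenSSH is installed, ssh-keygen -l -f on the copied file is a quick second check: it prints a fingerprint only if the key parses.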

For more info
man usermod
man ssh-keygen
