Jan 06, 2019

Passwordless authentication with ssh

In this quick tutorial, we are going to see how to enable passwordless authentication with ssh. Passwordless authentication is very helpful when we are working with remote hosts. It allows us to log in to remote hosts without typing the password in the terminal.

Levels of ssh configuration

First, try to understand the levels of ssh configuration. The files in the /etc/ssh directory specify the system-level ssh configuration. These configurations are common to all users on the system. Run the following command to see these files.

ls /etc/ssh
moduli ssh_config ssh_config.d sshd_config sshd_config.d

The next level is user-level configurations. We can specify user-level ssh configurations in the ~/.ssh directory. If there is no such directory, we can create it manually.

ls ~/.ssh
config id_rsa id_rsa.pub known_hosts

When we run an ssh command, it first looks at the user-level configuration, that is, the ~/.ssh directory. If it is not there, it looks at the system-level configuration, that is, the /etc/ssh directory.

SSH configs in the local host

In order to enable passwordless authentication, we need an ssh public key. You can check whether you already have a public key by running the following command in the terminal.

ls ~/.ssh

This command lists the files available in the .ssh directory in your home directory. If the .ssh directory is not there, you will get a “No such file or directory” error. The private key (id_rsa) and public key (id_rsa.pub) are the important files for enabling passwordless authentication. If these files are not in the ~/.ssh directory, we can generate them manually.

Generate ssh private and public key

To generate the ssh private key and public key, first navigate to the ~/.ssh directory. Then run the ssh-keygen command shown below. This command generates both the private key and the public key for the current user.

cd ~/.ssh
ssh-keygen -t rsa
cat id_rsa.pub

When we connect to a remote host from the local host, the local host acts as a client.

Read more about private and public keys in this article.

SSH configs in remote host

In order to enable passwordless authentication, we have to put the generated public key in authorized_keys on all the remote hosts that we want to connect to. The remote hosts have the same ssh configuration levels.

When we connect to a remote host from the local host, that remote host will act as a server.

Update the authorized_keys file in remote

First, check whether the authorized_keys file is available in the ~/.ssh directory or not. To do that, we must connect to the remote host using ssh. In this step, we have to give the correct ssh password. But this is a one-time activity. Afterward, you don’t need to give a password in order to connect to the remote host via ssh.

ssh <ssh_username>@<ssh_ip>

Once connected to the remote host, check whether the authorized_keys file is available in the .ssh directory in the current user’s home directory. If it is not available, create a ~/.ssh/authorized_keys file in the user’s home directory.

cd ~
mkdir -p .ssh
cd .ssh

Once the authorized_keys file has been created, we have to add the generated public key as an entry in the authorized_keys file. So, copy the public key from the local host. Once it has been copied, paste it into the authorized_keys file in the remote host. Then save changes in the authorized_keys file.

vi authorized_keys
<Paste your public key>
:wq
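
The remote-side steps above can also be done without an editor. The following is an added example, not part of the original tutorial: install_pubkey is a hypothetical helper name, and the key in the demo is a constructed placeholder. It also sets the directory and file permissions and refuses a private key pasted by mistake.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]  (hypothetical helper, not from the tutorial)
# Adds one public key line to HOME_DIR/.ssh/authorized_keys.
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse a private key: copying id_rsa instead of id_rsa.pub would disclose it.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "$pubkey_file is a private key, refusing" >&2
        return 1
    fi

    # Take the first non-empty line and require a known public key type prefix.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects key login when ~/.ssh or
    # authorized_keys is writable by other users, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present (safe to re-run).
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already present in $auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
        echo "key added to $auth_file"
    fi
}

# Demo on a constructed key in a scratch directory (touches nothing real).
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedPLACEHOLDER demo@localhost' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/home"
rm -rf "$demo_dir"
```

On the remote host, pass the path of the id_rsa.pub copied over from the local host. OpenSSH's ssh-copy-id performs the equivalent steps over the initial password login.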

Validate passwordless authentication with ssh

Now we have configured both our local host and the remote host. This is the time to validate passwordless authentication. So open a new terminal on the local host and run the ssh command again. This time the terminal will not prompt for the password. Instead, you will be taken directly to the remote host.

ssh <ssh_username>@<ssh_ip>

Conclusion

We can enable passwordless authentication with ssh using the public key on the local host and authorized_keys on the remote host. Enabling passwordless authentication will be helpful in many ways while you are working on a busy schedule. This is the summary of the steps that we have to follow in order to enable passwordless authentication.

In local host

cd ~/.ssh
ssh-keygen -t rsa  # this creates id_rsa and id_rsa.pub

In target host

cd ~/
mkdir -p .ssh # if the .ssh directory is already there, skip this command
cd .ssh
vi authorized_keys
# paste the contents of id_rsa.pub into authorized_keys, then save with :wq
